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About This Guide 


This guide provides information about the interface of the Wizards, the layout of the Wizards, using 
the Wizards to enbaling applications for single sign-on. 


This guide contains the following sections: 
¢ Chapter 1, “Introduction,” on page 7 
¢ Chapter 2, “Understanding the Application Definition Wizard Interface,” on page 9 
¢ Chapter 3, “Using the Application Definition Wizard,” on page 65 
¢ Chapter 5, “Setting the Wizard Mode Preference,” on page 123 
¢ Chapter 6, “Deploying Application Definitions,” on page 125 
¢ Chapter 7, “Compatibility with Earlier Versions,” on page 127 
¢ Chapter 8, “Limitations, Tips, and Troubleshooting,” on page 129 


Audience 
This guide is intended for: 


¢ System Administrators 
¢ System Integrators 
¢ IT Support Staff 


Feedback 


We want to hear your comments and suggestions about this manual and the other documentation 
included with this product. Please use the User Comments feature at the bottom of each page of the 
online documentation, or go to www.novell.com/documentation/feedback.html and enter your 
comments there. 


Documentation Updates 


For the most recent version of the Administration Guide for Application Definition Wizard Guide, visit the 
Novell SecureLogin Documentation Web site (http://www.novell.com/documentation/securelogin70/ 


} 


Additional Documentation 


For documentation on other Novell SecureLogin documentation, see the Novell SecureLogin 
Documentation Web site (http://www.novell.com/documentation/securelogin70). 


The other documents available with this release of Novell SecureLogin are: 


* Getting Started 


+ Novell SecureLogin Readme 
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+ Novell SecureLogin Quick Start Guide 
+ Novell SecureLogin Overview Guide 
¢ Installation 
e Novell SecureLogin Installation Guide 
¢ Administration 
+ Novell SecureLogin Administration Guide 
+ Novell SecureLogin Citrix and Terminal Services Guide 
+ pcProx Guide 
+ End User 
+ Novell SecureLogin User Guide 
+ Reference 


+ Novell SecureLogin Application Definition Guide 


Documentation Conventions 


In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and 
items in a cross-reference path. 
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1.1 


Introduction 


This section contains an overview of application definition and introduces the Application Definition 
Wizard. 
¢ Section 1.1, “What is an Application Definition?,” on page 7 


è Section 1.2, “The Application Definition Wizard,” on page 8 


What is an Application Definition? 


An application definition is a set of instructions that Novell SecureLogin follows to perform tasks on 
Windows applications, Java applications, or Web pages. For example, you can use an application 
definition to save user login credentials, so users don’t need to type a username and password every 
time they want to access an application. 


NOTE: Throughout the document, we refer to all the Web, Windows, and Java applications as 
applications. 


An application definition is a collection of instructions that handle multiple operations associated 
with credentials of the application such as login, change password, application prompts, application 
notifications. It contains specific instructions that allow the software client to analyze an application 
after it is launched and determine whether some specific actions need to be performed. 


Application definitions specify how Novell SecureLogin interacts with an application to use a single 
sign-on credential. Novell SecureLogin comes with predefined application definitions for many 
commercial applications. 


You can use the predefined application definitions or create new application definition to enable 
single sign-on for applications. You can also use application definitions to assign instructions for each 
dialog box or screen that an application displays. You can choose to define actions for a selected 
window, a login screen, or an entire application. Application definitions can also include commands 
to automate password changes on behalf of users and to request user input when required. 


Application definitions are stored and secured within the directory to ensure maximum security, 
support for single-point administration, and for manageability. 
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1.2 The Application Definition Wizard 


The Application Definition Wizard provides an easy and intutive interface to create new user- 
specific application definitions. It also manages the user-specific credentials and tasks that Novell 
SecureLogin performs on multiple applications, including the following: 


+ Retrieving and entering login details. 


+ Automating many login processes, including multi-page logins and login panels that require 
miscellaneous information such as surnames, telephone numbers, or IP addresses. These can 
also be stored in the directory. 


When you log in to an application for the first time if you have permission to create an application 
definition, you are prompted to create an application definition if Novell SecureLogin is active on 
your workstation. 


Although you can enable various types of application for single sign-on using the application 
definition wizard, some specific applications cannot be enabled for single sign-on. For information 
on such applications, read Chapter 8, “Limitations, Tips, and Troubleshooting,” on page 129. 
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Understanding the Application Definition 
Wizard Interface 


Figure 2-1 The Application Definition Wizard Interface 


S New -| x 


5 SG Yahoo! Mail: The best web-based email! 
o [E] Logon (i) SecureLogin needs to identify the logon screen for this application. You can choose or 
E Yahoo! Mail: The best web-baset cenonte siccin a tape. 
Logon Notification 
Change Password 


Change Password Notification 
Other erm Choose the logon screen for this application 


Drag the Choose icon onto the logon screen. 


This SecureLogin window will move behind all other 
windows while you select the target screen. 


Screen Title Yahoo! Mail: The best web-based email! Show me 


The user interface of Novell SecureLogin Application Definition Wizard includes various forms that 
help in managing the application definitions. 
After you launch the Application Definition Wizard, the wizard page has the following main 
components on the interface: 

+ Section 2.1, “The Application Screens Pane,” on page 10 


è Section 2.2, “Attributes Pane,” on page 60 
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+ Section 2.3, “General Controls and Messages,” on page 60 
è Section 2.4, “Selecting and Identifying Screens and Controls,” on page 61 
¢ Section 2.5, “Recording Keystrokes,” on page 62 


è Section 2.6, “Using Regular Expressions,” on page 63 


2.1 The Application Screens Pane 


The Application Screens pane is shown on the left side of the Application Definition Wizard interface. 


The Applications Screens pane has a list of the application forms enabled for single sign-on, change 
password, notifications, and others. 


The advanced options are displayed only if you select them. 


Figure 2-2 The Application Screens Pane 


The Application Screens pane contains the following menus: 


¢ Section 2.1.1, “Logon,” on page 10 

è Section 2.1.2, “Login Notification,” on page 26 

+ Section 2.1.3, “Change Password,” on page 34 

+ Section 2.1.4, “Change Password Notification,” on page 45 
+ Section 2.1.5, “Other,” on page 54 


2.1.1 Logon 


You can create application definitions for a login screen, through the Logon screen. For this, you must 
complete the following tasks: 

¢ “Identifying the Screen” on page 11 

¢ “Selecting the Credential Source” on page 11 

¢ “Identifying the Fields” on page 14 

¢ “All Fields” on page 17 


¢ “Specifying Reauthentication” on page 19 
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¢ “Selecting the Submit Options” on page 21 
¢ “Determining the Matching Criteria” on page 25 


These are displayed in the Section 2.2, “Attributes Pane,” on page 60. 


Identifying the Screen 


Novell SecureLogin identifies the login screen of the application for which you want to enable single 
sign-on. You can use the Identify screen attribute to select or change the login screen of the application. 


Figure 2-3 The Identify Screen 


@ SecureLogin needs to identify the logon screen for this application. You can choose or 
-change the selection on this pane. 


Choose the logon screen for this application 


Drag the Choose icon onto the logon screen. Choose 


This SecureLogin window will move behind all other 
windows while you select the target screen. 


Screen Title Yahoo! Mail: The best web-based... Show me 


1 Inthe Application Screens pane of the wizard, select the login screen by dragging the Choose & 
icon to the login screen. 


2 Click the Show me icon to highlight the selection made by the wizard. 


Selecting the Credential Source 
1 Use the Credential source menu to select the credentials that Novell SecureLogin must use in an 


application. Typically, you can have only one credential set for an application. If a second login is 
enabled with different credential set, it replaces the first set of credentials. 
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@ Most applications use their own application specific usemame and password. a 
However, some applications might re-use credentials from another source, such as the E 
user's network credentials or a related application. They might also use an advanced 
method such as an OTP generated on a smartcard. The credential set may also X 


Å. $ oea 


@ Which credentials should this application use? 


> This application's own credential set 


> Other... 
Application re-uses credentials from another source such as network login credentials 


or a related application 


2 Select This application’s own credential set to allow Novell SecureLogin create a discrete set of 
credentials for the application. The credential set is recognized by the name of the application. 
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new |X | 
E Yahoo! Mail: The best web-based email! 
B E] Logon 
[@ Yahoo! Mail: The best web-base @ Most applications use their own application specific usemame and password. a 
Logon Notification However, some applications might re-use credentials from another source, such as the a 
Change Password user's network credentials or a related application. They might also use an advanced 
oD cover Fema ie ee ee el ~ 
Other 


Where wil credentials for this application come from? 


[V] This application requires other credential source 


© The user's network login credentials 
© Another SecureLogin enabled applicaton 
© SecureLogin selects credentials based on a value identified on this screen 


4 m 
e) (__ test] 


There are incomplete screen attributes that require more information 


3 Select Other to choose another source of credentials for the application. You choose from the 
following sources. 


+ A one-time password from a smart card: Select this option to use a one-time password 
from a smart card to log in to the application. 


¢ The user's network logon credentials: Select this option to use the user’s directory 
credentials to log in to the application. 


+ Another SecureLogin enabled application: Select this option to use the credentials of 
another application that is already enabled for single sign-on. Select a credential set from 
the list of applications displayed under Another SecureLogin enabled application. 


Figure 2-4 Selecting Another Application’s Credentials 


Internet Explorer 6.0 and 7.0 
notepad.exe 
testLogin.exe - testLogin 
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+ SecureLogin selects credentials based on a value identified on this screen: Select this 
option when the login information for an application is determined by the presence of a 
particular value in the login screen. You can specify a text value in the field. 


Regular expressions are supported. For example, you can specify a regular expressions 
such as: 


Connecting to server (.*) 


The (.*)specifies the value that must be captured to define the credentials. You can have 
one credential set for each regular expression value. 


Figure 2-5 Selecting Credentials Based on a Value 


Type the regular expression SecureLogin will use to identify the credentials. 


Identifying the Fields 


1 Use the Identify fields menu to review or change the selection of fields recognized by the wizard. 


2 If you select No. SecureLogin is not required to handle the fields on this screen, Novell SecureLogin 
does not handle any fields detected on the application. Use this option to create a common 
credential set that you can use with several applications. You can link other application 
definitions to this common credential set. 
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| Gas} New -| x 
S §@ Yahoo! Mail: The best web-based email! 
5 [E Logon i 
[@ Yahoo! Mai: The best web-base: 
Logon Notification 
Change Password 6 SecureLogin needs to identify the fields used to logon to this application. The first fields on this a 
Change Password Notification pene e ace Aah ak Pai, such as usemame and password. You might also want to g 
$ Configure more fields that exist on the logon screen. However, you may also decide that 
SecureLogin is not required to handle any logon fields on this form. X 


Do you want to select or review logon fields for SecureLogin 
to handle? 


> No. SecureLogin is not required to handle the fields on this screen. 


> Yes. Let me select or review the logon fields. 
SecureLogin will need to know more information to do this. 


3 Ifyou select Yes. Let me select or review the logon fields, you can review and confirm if the fields are 
selected correctly by the wizard. 


By default, Novell SecureLogin uses the field names as the prompts in its dialog boxes. You can 
edit the field names for more clear and user-friendly names. 


4 If the fields are not identified correctly, drag the Choose & icon to the fields and click Show me. 
The identified fields are highlighted. 
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(@ SecureLogin needs to identify the fields used to logon to this application... 


|] Select or review logon fields. 


Yahoo! ID: Choose 


Treat field as sensitive field 
Navigate to field using keystrokes 


Password: 


[V] Treat field as sensitive field 
[E] Navigate to field using keystrokes 


Type the text that SecureLogin presents when prompting for username and password. 


Prompt: 
Please edit your login variables. 


5 Select Treat text field as a sensitive field to hide the characters with asterisks. This choice is optional 
for a username, but selected by default for a password. 


6 Select Navigate to field using keystrokes, if you cannot identify the correct field through other 
methods. 


6a Click Start. 
6b Specify the keystrokes. 


Please select the form you are scripting 


Keystrokes recorded: 


| <alt><shift+><\145>| 


6c Click Close to return to the Identify fields menu. 
6d Click Stop to stop the recording. 
Novell SecureLogin begins using the specified keystrokes at the subsequent login. 
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All Fields 


1 Click All Fields to show other fields detected by the wizard on the login screen. Each control is 
listed by type and name (if known). 


[C] EditBox 


EditBox 


CheckBox 


ComboBox 


RadioButton 


olololola 


RadioButton 


When the Application Definition Wizard retrieves the default controls such as the username and 
password fields, they are identified as primary controls and identified in Identify Fields menu. 
See Figure 2-8 on page 28. 


These controls are also listed with all other controls in the All Fields menu. By default, they are 

selected and dimmed. However, if you use the All Fields menu to set the control definitions for 

primary controls selected in Identify Fields menu, the selections made in the Identify Fields menu 
is updated. 


The other fields are: 
e “Edit Box” on page 17 
e “Check Box” on page 18 


+e “Combo Box” on page 18 


¢ “Radio Button” on page 19 


Edit Box 


1 Ifa text box is detected, use the Action drop-down list to configure Novell SecureLogin to: 
¢ Ask the user to enter a value into field: If you select this option, specify a user-friendly 
name and the message to prompt users to specify a value. 


NOTE: If you select Remember first value entered, Novell SecureLogin saves the first value 
entered in this field and automatically enter it on all subsequent logins. 


The User-Friendly Name is also used as the variable name in the Novell SecureLogin Client 
Utility. 


Select Treat as sensitive field to treat the username field like a password field and hide the 
characters with asterisks. 
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+ Use the value selected below for all users: If you select Use the value selected below for all 
users, specify the message that Novell SecureLogin displays. 


EditBox | | Show me 


What should SecureLogin do with this field? 


Action: 


[Ask the user to enter a value into field v | 


Remember first value entered 


Type a user-friendly name to describe this value in the user's credential set 
User-Friendly Name: 


User name 


[C] Treat as sensitve field 


Type the prompt that SecureLogin displays when the user is asked for this value 
Prompt: 
User name: 


Check Box 


1 Ifa check box is detected, use the action Use the value selected below for all users to select whether 
the check box is to be selected or deselected. 


CheckBox | This is a checkbox | fe) Show me 


What should SecureLogin do with this field? 


Action: 


Use the value selected below For all users v | 


Select a value for the checkbox: 
Unchecked 


Unchecked 


| O Show me 


Combo Box 


1 If a drop-down list box or any other kind of combination box is detected, use the Action drop- 
down list to configure Novell SecureLogin to: 


+ Use the value selected below for all users: If you select Use the value selected below for all 
users, specify the option Novell SecureLogin selects. This is the only option available for 
combo boxes in Web applications. 


+ Ask the user to select from the list that the application presents: If you select User is to 
select from the list the application presents, specify a name for the value and the text used to 
prompt users. This option is not available for Web applications. 


If you select Remember the value the user selects and do not prompt again, Novell SecureLogin 
stores and automatically enter this value into this screen in the future. 
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Figure 2-6 Specifying Values for a Combo Box 


| ComboBox | Select 4 Server... 


| Show me 


What should SecureLogin do with this field? 


Action: 


User is to select From the list that the application presentsik@ 


User-Friendly Name: 


Remember the value the user selects and do not prompt again 


Type a user-friendly name to describe this value in the user's credential set 


C] Treat as sensitve field 


Prompt: 


Type the prompt that SecureLogin displays when the user is asked for this value 


Radio Button 


1 Ifa radio button is detected, use the Use the value selected below for all users action to select 


whether the radio button is selected or not. 


|] RadioButton | Radiol 


| Show me 


What should SecureLogin do with this field? 


Action: 


‘Use the value selected below For all users ~ | 


Select a value for the Radio button: 


Not Selec:ed hk 


Selected pe ere ÄĀůġöòů 
piselected | een ro 


| Show me 


Specifying Reauthentication 


1 Use the Re-authentication menu to specify how users must reauthenticate. Specify whether they 
must reauthenticate with their network credentials or by using an authentication device. 
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ri] SecureLogin can prompt the user to re-authenticate with their network credentials or 
strong authentication device before SecureLogin retrieves and submits the application's 


@ Do you want to enforce re-authentication? 


> No. The user is not required to re-authenticate. 


® Yes. Enforce re-authentication before accessing this application. 


2 Ifyou select No. The user is not required to re-authenticate, Novell SecureLogin does not prompt 
users to reauthenticate before providing the credentials to the application. 


If you select Yes. Enforce re-authentication before accessing this application, users must specify the 
credentials that Novell SecureLogin uses to reauthenicate the user’s identity. 
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(@ SecureLogin can prompt the user to re-authenticate with their network credentials or 
-strong authentication device before SecureLogin retrieves and submits the application's 
credentials. 


Re-authentication rules 


[V] Enforce re-authentication before accessing this application. 


Select from the methods detected: 
<Default> 


Cancel actions 


If a user tries to cancel SecureLogin's prompt for credentials, SecureLogin should: 


(@ Type the following keystrokes: 


Keystrokes recorded: 
<enter> 


3 From the Select from the methods detected drop-down list, select the method Novell SecureLogin 
must use to authenticate the credentials. You can select one of the following options: 


¢ Default: The method the user used to log in to the application. 
+ Use same credentials as network login: Use the network login credentials. 
¢ Password: The network password. 


+ Smart card: After the PIN is verified, Novell SecureLogin checks to see if the smart card is 
available to the user. 


You must also specify the action for Novell SecureLogin to take when the user cancels 
reauthentication. You can define one of the following actions: 


+ Click this button: Select a button on the application that Novell SecureLogin clicks when a 
user cancels the reauthentication dialog box. Select and highlight the button by dragging 
the Choose & icon to the button you want and clicking Show me. 


+ Type the following keystrokes: Define the commands or keystrokes that Novell 
SecureLogin enters when a user clicks Cancel on the reauthentication dialog box. To record 
keystrokes: 


1. Click Start. 
2. Specify the keystrokes. 
3. After you have recorded the keystrokes, click Close. 


Selecting the Submit Options 


1 Use the Submit options menu to define how Novell SecureLogin submits the login screen. 
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@ Use these options to tell SecureLogin how to submit the logon screen. The submit action 
could be pressing a button. Altematively, SecureLogin may do nothing and allow the user 
to submit the screen. 


e How is the logon screen submitted? 


© The user submits the screen 


> SecureLogin submits the screen 
Configure SecureLogin to dick button or type keystrokes. 


2 If you select The user submits the screen, Novell SecureLogin does nothing and the user must 
manually submit the login screen. 


3 If you select SecureLogin submits the screen, specify the action that Novell SecureLogin must take 
to submit the login screen. 
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@ Use these options to tell SecureLogin how to submit the logon screen. The submit action fa) 
could be pressing a button. Altematively, SecureLogin may do nothing and allow the user = 
to submit the screen. 


Login actions 


SecureLogin submits the logon screen 
How should SecureLogin submit this screen? 
Click this button: 


@ Type the following keystrokes: 


<enter > 


Enable action when user cancels to enter their credentials 


You can specify one of the following actions: 


¢ Click this button: Select a button on the application that Novell SecureLogin clicks when a 
user submits the screen. Select and highlight the button by dragging the Choose & icon to 
the button you want and clicking Show me. 


+ Type the following keystrokes: Define the commands or keystrokes that Novell 
SecureLogin enters to submit the login screen. To record keystrokes: 


1. Click Start. 
2. Specify the keystrokes. 
3. After you have recorded the keystrokes, click Close. 


¢ Enable action when user cancels to enter their credentials: If you select this option, 
specify the action Novell SecureLogin takes when a user cancels credential entry. 
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@new ~| Xx 


E Ø Adobe - Sign In 
3 [=] Logon 
{@ Adobe - Sign In (i) Soc le 1e a masage hat the eee re ater Socuelogn 

= (@ Logon Notification has submitted credentials. en displaying incorrect 

[@ New Logon Notification Form rd. U i how to respond when the logon 
[A] Change Password presented 
Š Change Password Notification 

Other 


Error Credentials. Please type in correct one 


Which credentials should SecureLogin make available for user update? 


Enable action when user cancels to enter their credentials 


If a user tries to cancel SecureLogin's prompt for credentials, SecureLogin should: 
Click this button: 
© Type the following keystrokes: 


| ‘2 Matching criteria 


a Cm) 


There are incomplete screen attributes that require more information 


You can specify one of the following actions: 


¢ Click this button: Select a button on the application that Novell SecureLogin clicks 
when a user cancels the promptfor credentials. Select and highlight the button by 
dragging the Choose & icon to the button you want and clicking Show me. 


¢ Type the following keystrokes: Define the commands or keystrokes that Novell 
SecureLogin enters when a user cancels the prompt for credentials. To record 
keystrokes: 


1. Click Start. 
2. Specify the keystrokes. 
3. After you have recorded the keystrokes, click Close. 


¢ Re-direct the user to this website: Specify a URL to go to when auser cancels the 
prompt for credentials. You can redirect users to the login screen and force them to 
specify the login credentials again. 
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Determining the Matching Criteria 


1 Novell SecureLogin must uniquely identify each application screen in order to run an 
application definition. If Novell SecureLogin cannot uniquely identify a particular application 
screen, you can manually define the matching criteria. 


(@} SecureLogin must identify each screen uniquely. SecureLogin can identify most screens 
-using the information already configured. f some screens are too similar, they may be hard 
to distinguish and you may need to define advanced matching rules. 


e Would you like to define advanced matching rules? 


+% No. Use minimal rules based on your previous selections. 


+ Yes. Use additional Wizard generated rules. 
Useful if the screen is similar to another SecureLogin enabled 
screen or some controls on screen appear to be dynamically created. 


1 If you select No. Use minimal rules based on your previous selections, Novell SecureLogin uses the 
rules defined in previous attribute panels to identify and handle an application. 


2 Ifyou select Yes. Use additional Wizard generated rules, you can add, modify, or remove rules. Your 
matching criteria must include at least one rule. After you have selected this option, the 
following screen appears: 


By default, Use Wizard generated rules is selected. The Rules text box lists the controls detected by 
Novell SecureLogin. You can add a new rule by dragging the Choose & icon to a specific control and 
clicking Show me to confirm that Novell SecureLogin has identified the correct control. 


To modify a rule for a control: 


1 Select the rule you want to edit, then select Configure more detailed match for this control 
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@ SecureLogin must identify each screen uniquely. SecureLogin can identify most screens using the 
information already configured. f some screens are too similar, they may be hard to distinguish and you 
may need to define advanced matching rules. 


Item: Button "OK" Choose Show me 


Rules: 


Edit Box “Password:* is matched on existence of the control 

Edit Box “Other field:” is matched on Edit Box label 

Button "OK" is matched on Button label 

Current Form “Log in” is matched on exact window title and window dass 


Darant Carm Nannuined Tant Annlinntinn® in mat-had an annie bast im mindan: HHA 


«| m | + 


|¥| Configure more detailed Match for this control 


7| Title | OK 


What should SecureLogin match 
Match Type: 
|SecureLogin is to match value displayed 


2 Define what Novell SecureLogin must match. You can set one of the following matching rules: 


+ SecureLogin is to match value displayed: If you select this option, Novell SecureLogin 
only matches those screens that exactly match the displayed text and rules identified. 


+ SecureLogin is to match specific part of the identified ctrl: If you select this option, you 
must use a regular expression to define and match the screen features. You cannot use 
special characters in a regular expression. 


To test a regular expression: 


1 To verify if your regular expression is correct, click Test Match. 


If a regular expression does not match any control on the application screen, Novell SecureLogin 
prompts you to verify your regular expression and select the correct control. 


To delete a rule: 


1 Select the rule, then click Remove. 


2.1.2 Login Notification 


A login notification is a message that the application displays after Novell SecureLogin has 
submitted the credentials, such as an error message indicating an incorrect password. Use the Logon 


Notification options to define how Novell SecureLogin handles notifications in your application 
definition. 
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Figure 2-7 Login Notification Screen 


(@ To modify the single sign-on settings for this application, navigate the tree in the a N 
Application windows pane on the left and select or expand a window type. Here you E = 
can create a new definition or delete existing definitions. Use the toolbar buttons or 
right-click a definition in the tree to see a menu of the available options. ei 


& Choose the Logon Notification screen for this application 


> Create a new Logon Notification screen definition 


To define an application definition or login notifications, You must complete the following tasks: 


¢ “Identifying the Screen” on page 27 

+ “Defining Notification Handling” on page 28 
+ “Defining the Submit Options” on page 31 

+ “Defining the Matching Criteria” on page 33 


These are displayed in the Section 2.2, “Attributes Pane,” on page 60. 


Identifying the Screen 


Novell SecureLogin identifies a login screen for which you want to create an application definition. 
You can use the Identify screen attribute to select or review the login screen selected by the wizard. 


Understanding the Application Definition Wizard Interface 27 


Figure 2-8 The Identify Screen 


@ SecureLogin needs to identify the logon notification screen for this application. You can (a) 
choose or change the selection on this pane = 


A) Change Password Notification Choose the Logon Notification screen for this application 


Other Drag the Choose icon onto the logon notification screen, 
This SecureLogin window will move behind all other 
windows while you select the target screen. 


There are incomplete screen attributes that require more information 


1 Select the login screen by dragging the Choose & icon to the login screen or by recording 


keystrokes. The title of the login screen is displayed. Click the Show me icon to highlight the 
selection made by the wizard. 


Defining Notification Handling 


1 Through the Notification handling menu, specify how Novell SecureLogin must respond when a 
login notification screen is displayed. 
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@nw ~| x 
E I Adobe - Sign In 
B B Logon 
a [@ Adobe - Sign In (i) Pek eee rt tle A reed 
E @ Logon Notification has submitted credentials. An example is an eror message displaying 
[@ New Logon Notification Form pasword, a hep Taree 
Change Password is presented 
Change Password Notification 
Other Do you want to select and review which credentials are displayed 
to the user? 


> No, I want SecureLogin to display all credentials 


> Yes, I want to select the appropiate credentials 


There are incomplete screen attributes that require more information 


2 Click No, I want SecureLogin to display all credentials to prompt the users to enter their credentials 
again. Novell SecureLogin uses the notification from the application. 


3 Click Yes, I want to select the appropriate credentials to select the credentials to display to the user 
for updating. If you select this option, you must specify the prompt displayed to the users. You 
can select an existing prompt, or you can specify a cutomized prompt and error message. You 
must also specify the credential that users provide for the application. 
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@ Alogon notification is a message that the application may present after SecureLogin 
has submitted credentials. An example is an error message displaying incorrect 
password. Use this pane to tell SecureLogin how to respond when the logon 
Notification is presented 

Change Password Notification 

Other 


Select credentials and review prompt displayed to user 


[V] Customize credentials and prompt which are displayed to the user. 
Type the text that SecureLogin presents when this notification occurs 


Notificati 
Error Credentials, Please type in correct one 


Which credentials should SecureLogin make available for user update? 


=- 


[E] Enable action when user cancels to enter their credentials 


4 If you select Enable action when user cancels to enter their credentials, specify the action that Novell 
SecureLogin must take when a user cancels credential entry 
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| Application Screens 


@new ~| X 
S A Adobe - Sign In 
B E] Logon 
[@ Adobe - Sign In 
E & Logon Notification 
[@ New Logon Notification Form 
Change Password 
Change Password Notification 
S Other 


@ Alogon notification is a message that the application may present after SecureLogin 
has submitted credentials. An example is an error message displaying incorrect 
password. Use this pane to tell SecureLogin how to respond when the logon 

Notification is presented 


Notification 
Error Credentials. Please type in correct one 


Which credentials should SecureLogin make available for user update? 
Credentials 
password 


username 


V| Enable action when user cancels to enter their credentials 


If a user tries to cancel SecureLogin's prompt for credentials, SecureLogin should: 


Click this button: 


© Type the following keystrokes: 


WD Matching criteria 


| aes) Ci [ox ]( cance | {Analy 


‘There are incomplete screen attributes that require more information 


You can specify one of the following actions: 


¢ Click this button: Select a button on the application that Novell SecureLogin clicks when a 
user cancels the prompt for credentials. Select and highlight the button by dragging the 
Choose & icon to the button you want and clicking Show me. 


+ Type the following keystrokes: Define the commands or keystrokes that Novell 
SecureLogin enters when a user cancels the prompt for credentials. To record keystrokes: 


1. Click Start. 
2. Specify the keystrokes. 
3. After you have recorded the keystrokes, click Close. 


+ Re-direct the user to this website: Specify a URL to go to when a user cancels the prompt 
for credentials. You can redirect users to the login screen and force them to specify the login 
credentials again. 


Defining the Submit Options 


1 Use the Submit options menu to define how Novell SecureLogin submits the login notification 
screen. 


2 If you select The user submits the screen, Novell SecureLogin does nothing and the user must 
manually submit the login screen. 
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e How is the logon notification screen submitted? 


> The user submits the screen 


> SecureLogin submits the screen 
Actions to be taken to complete the notification 


3 If you select SecureLogin submits the screen, specify the action that Novell SecureLogin takes to 
submit the login notification screen. 


@nw ~| x GG Identify screen 


E §@ Adobe - Sign In 
o [E] Logon 
[@ Adobe - Sign In 
E @} Logon Notification 
[@ New Logon Notification Form (i) Use these options to tell SecureLogin how to submit the logon notification screen. The (a) 
[A] Change Password submit action could be pressing a button. Altematively, SecureLogin may do nothing and = 
. o PAAA mise the E 
Other 


Actions to be taken to complete the notification 
[F] SecureLogin submits the logon notification screen 
How should SecureLogin submit this screen? 
Click this button: 


@ Type the following keystrokes: 


Keystrokes recorded: 


<enter> 


© Re-direct the user to this website: 


There are incomplete screen attributes that require more information 


You can specify one of the following actions: 


¢ Click this button: Select a button on the application that Novell SecureLogin clicks when a 
user submits the screen. Select and highlight the button by dragging the Choose & icon to 
the button you want and clicking Show me. 


+ Type the following keystrokes: Define the commands or keystrokes that Novell 
SecureLogin enters to submit the login notification screen. To record keystrokes: 


1. Click Start. 


Novell SecureLogin Application Definition Wizard Administration Guide 


2. Specify the keystrokes. 
3. After you have recorded the keystrokes, click Close. 


+ Re-direct the user to this website: Specify a URL to go to when a user submits the login 
notification screen. 


Defining the Matching Criteria 


Novell SecureLogin must uniquely identify each application screen in order to run an application 
definition. If Novell SecureLogin cannot uniquely identify a particular application screen, you can 
manually define the matching criteria. 


If you select Use additional Wizard generated rules, you can add, modify, or remove rules. Your 
matching criteria must include at least one rule. After you have selected this option, the following 
screen appears: 


Figure 2-9 Setting the Matching Criteria 


SecureLogin must identify each screen uniquely. SecureLogin can identify most screens (a) 
using the information already configured. If some screens are too similar, they may be hard = 
to distinguish and you may need to define advanced matching rules. 


@ Would you like to define advanced matching rules? 


> No. Use minimal rules based on your previous selections. 


+% Yes. Use additional Wizard generated rules. 
Useful if the screen is similar to another SecureLogin enabled 
screen or some controls on screen appear to be dynamically created. 


If you select No. Use minimal rules based on your previous selections, Novell SecureLogin uses the rules 
defined in previous menus to identify and handle an application. 
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Figure 2-10 Defining Additional Rules 


fi} SecureLogin must identify each screen uniquely. SecureLogin can identify most screens 
using the information already configured. If some screens are too similar, they may be hard 
to distinguish and you may need to define advanced matching rules. 


Additional identification rules 


For SecureLogin to successfully single sign the target window, the 
matching criteria must be correct. Please test after criteria has been 
modified 


Drag the Choose icon onto the target screen to test matching Choose 


criteria 


Use Wizard generated rules. 


| 


Choose (9| Show me 


Current Form “Adobe - Sign In” is matched on exact domain and exact name 


«| um r 


By default, Use Wizard generated rules is selected. The Rules text box lists the controls detected by 
Novell SecureLogin. You can add new rule by dragging the Choose & icon to a specific control. Click 
Show me to confirm that Novell SecureLogin has identified the correct control. 


To delete a rule, select the rule, then click Remove. 


2.1.3 Change Password 


You can use the Change Password menu of the Application Definitions Wizard to create an application 
definition to include instructions for changing the password for an application. 


You can allow Novell SecureLogin to generate new passwords that match your password policies or 
let users choose their passwords. You can also customize the change password prompts displayed to 
the users. 


To define an application definition for changing passwords, complete the following tasks: 


+ “Identifying the Change Password Screen” on page 35 
¢ “Identifying the Change Password Fields” on page 35 
+ “Generating Password” on page 36 
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¢ “Selecting a Password Policy” on page 37 

¢ “Defining the Submit Options” on page 42 

¢ “Defining the Matching Criteria” on page 44 
Identifying the Change Password Screen 


1 Inthe Application Screens pane of the wizard, click Create a Change Password screen definition to 
create an application definition for changing a password. 


fi 
= 
| 


(a New | x @ To modify the single sign-on settings for this application, navigate the tree in the al OR 
= W Adobe - - Sign In Application windows pane on the left and select or expand a window type. Here you (ia 
= feu me can create a new definition or delete existing definitions. Use the toolbar buttons or 
Bad Sign In et tar ep al rep recap palate ie ~ 
E \@ Logon Notification 


E New Logon Notification Form 


Change Password 


FJ Choose the Change Password screen for this application 
kx Change Password Notification 
Other 


> Create a new Change Password screen definition 


Ce Ce x) Cone) Ce) 


Identifying the Change Password Fields 
1 Through the Identify Fields menu, select or change the selection of fields for changing a 
password. Depending on the application, there might be one or more fields. 
If the label text for a particular control is empty or incorrect; 
la Click Show me to verify if the selected control is correct. 


1b If Show me does not highlight the correct control, use the Choose & icon to drag and drop to 
identify the correct control. If an application is built without ordering the labels in 
accordance with the controls, the Choose icon does not update the label. 
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[A] New -| x 
© E Change Password 


@ SecureLogin needs to identify the fields used on the change password screen for this 
application. The first fields on this pane are credential input fields. You might also want to 

[@ New Change Password Form configure more fields that exist on the change password screen. 

Change Password Notification 

Other 


GB choose (DB) show me 


Choose (DB) show me 
Navigate to field using keystrokes 


Confirm new password: Choose (DB) show me 
|_| Navigate to field using keystrokes 


(~) alllfields 


[_test_] 


There are incomplete screen attributes that require more information 


Alternatively, you can use the Navigate to field using keystrokes to select the correct fields. To 
record keystrokes: 


1b1 Click Start. 
1b2 Specify the keystrokes. 
1b3 After you have recorded the keystrokes, click Close. 


If necessary you can also define the other fields on the screen. You can define how 
Novell SecureLogin handles the any radio buttons or edit boxes displayed on the 
Identify fields screen. 


Generating Password 


Novell SecureLogin can generate a random password or you can allow users to specify a new 
password. 
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Figure 2-11 The Password Generation Options 


Bnew |X 
E i Gmail: Email from Google 
& [E Logon 
©& Gmail: Email from Google 
Logon Notification 
=) Change Password SecureLogin can automatically generate the new password or you can allow the user to select t. Use (4) 
[@ New Change Password Form how the new password is generated and managed. 
Change Password Notification 
Other 


@ How is the new password generated? 


> SecureLogin generates and enters a random password 


> The user chooses a new password 
SecureLogin will need to know more information to do this 


Cre) Cae) 


| There are incomplete screen attributes that require more information 


1 If you select SecureLogin generates and enters random password, Novell SecureLogin generates a 
random password. 


2 If you select The user chooses a new password, specify how to manage the password generation. 
Novell SecureLogin prompts the user to for a new password. You must specify the prompt that 
is displayed to the user. 


@ The user chooses a new password 
SecureLogin will present a prompt asking for the new password. 
Please type the prompt message here 


Prompt z 
Specify a new password. a 


Selecting a Password Policy 


1 Use the Password Policy menu to apply a password policy to an application. You can create a new 
policy or apply an existing password policy. 
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A] New | ze 
E @ Gmail: Email from Google 
& E Logon 
© Gmail: Email from Google 
=) Logon Notification 
=] Change Password 
F: Nev 


@ SecureLogin can apply a password policy to new passwords. You can select an existing (A) 
SecureLogin password policy or you can create a new password policy in this pane. 


@ Do you want to apply a SecureLogin password policy? 


> No. Do not configure a password policy for this application 


> Yes. Let me specify the password rules 
SecureLogin will need to know more information to do this 


2 If you select No. Do no configure a password policy for this application, Novell SecureLogin does not 
validate the password specified by the user. 


3 Ifyou select Yes. Let me specify the password rules, you can define any or all of the following 
options: 
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A New -|x 


E A Gmail: Email from Google 


B [E] Logon 


E Gmail: Email from Google 


Logon Notification 
Change Password 


1) 


F New Change Password Form 


Other 


Password 


Select an exis 


The listbox displays all password policies detected for the current user. 


V| Specify the password rules 
Password policy: 


a SecureLogin can apply a password policy to new passwords. You can select an existing 
> eee @ SecureLogin password policy or you can create a new password policy in this pane. 


policy compliance 


ting password policy or type a name to create a new policy. 


Rule1 


End with 
End with 


any number 


any symbol 


[Hep] [test] 


There are incomplete screen attributes that require more information 


+ Create a New Password Policy: Creates a new password policy. 


1. Inthe Password policy field, specify a name for the policy. 


2. Specify the rules for the policy. 


Refer Table 2-1, “Setting Password Policy,” on page 39 for information on setting the 


password policy rules. 


¢ Select an Existing Policy: If you have previously configured a password policy, select the 
policy in the Password Policy drop-down list. 


¢ Enforce Password History: Select this option to stop users from reusing a previous 
password. You can specify the number of previous passwords that must not be used. 


Table 2-1 Setting Password Policy 


Value to Be 


ou Provided 
Minimum length Whole number 
Maximum length Whole number 


Description 
Defines the minimum length of the password; that is, the 
number of characters required for the password. 


Defines the maximum length of the password; that is, the 
maximum number of characters allowed in password. 
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Rule 
Minimum punctuation 
characters 


Maximum punctuation 
characters 


Minimum uppercase 
characters 


Maximum uppercase 
characters 


Minimum lowercase 
characters 


Maximum lowercase 
characters 


Minimum numeric 
characters 


Maximum numeric 
characters 


Disallow repeat 
characters 


Disallow duplicate 
characters 


Disallow sequential 
characters 


Value to Be 
Provided 


Punctuation 
characters 


Punctuation 


characters 


Whole number 


Whole number 


Whole number 


Whole number 


Whole number 


Whole number 


No/Yes/Yes, case 
insensitive 


No/Yes/Yes, case 
insensitive 


No/Yes/Yes, case 
insensitive 


Description 


Defines the minimum number of punctuation characters 
allowed in a password. 


Defines the maximum number of punctuation characters 
allowed in a password. 


Defines the minimum number of uppercase characters 
allowed in a password. 


Defines the maximum number of uppercase characters 
allowed in a password. 


Defines the minimum number of lowercase characters 
allowed in a password. 


Defines the maximum number of lowercase characters 
allowed in a password. 


Defines the minimum number of numeric characters allowed 
in a password. 


Defines the maximum number of numeric characters 
allowed in a password. 


Disallows the use of repeated characters, or the use of the 
same character in succession. 


If this option is set to No, characters can be repeated. This is 
the default value. 


If this option is set to Yes, the same alphabetic characters in 
a different case are considered as different characters. For 
example, A and a are different. 


If this option is set to Yes, case insensitive, the successive 
use of the same alphabetic characters in a different case is 
not allowed. 


No/Yes/Yes, case insensitive 


Disallows the use of successive characters in alphabetical 
order. 


If this option is set to No, sequential characters are allowed. 
This is the default value. 


If this option is set to Yes, sequential characters in a different 
case are considered as non-sequential. For example, a and 
B are non-sequential. 


If this option is set to Yes, case insensitive, sequential 
characters in different cases are disallowed. 
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Rule 


Begin with an 
uppercase character 


End with an uppercase 
character 


Prohibited characters 


Begin with any Alpha 
character 


Begin with any number 


Begin with any symbol 


End with any Alpha 
character 


Value to Be 
Provided 


NolYes 


No/lYes 


Keyboard 
characters 


NolYes 


No/lYes 


No/lYes 


NolYes 


Description 

Enforces the use of an uppercase alphabetic character as 
the beginning character of a password. 

The default value is No. 


If this option is set to Yes, all other policies that indicate that 
a password must begin with a particular character or ina 
specific manner are disabled. 


IMPORTANT: Only one type of character can be designated 
as the first value of a password. 


Enforces the use of an uppercase letter at the end of a 
password. 


The default value is No. 


If this option is set to Yes, all other policies that indicate that 
a password must end with a particular character or ina 
specific manner are disabled. 


Defines a list of characters that cannot be used ina 
password. 


NOTE: There is no need of a separator in the list of 
prohibited characters. For example, @#$%&* 


Enforces the use of an alphabetic character at the beginning 
of a password. 


The default value is No. 


If this option is set to Yes, it automatically disables all other 
policies that specify what the first character of the password 
should be. 


Enforces the use of a numeric character as the first 
character of the password. 


The default value is No. 


If this option is set to Yes, it automatically disables all other 
policies that specify what the first character of the password 
should be. 


Enforces the use of a symbol character as the first character 
of the password. 


The default value is No. 


If this option is set to Yes, it automatically disables all other 
policies that specify what the first character of the password 
should be. 


Enforces the use of an alphabetic character as the last 
character of the password. 


The default value is No. 


If this option is set to Yes, it automatically disables all other 
policies that specify what the password should end with. 
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Value to Be 


Rule Provided 


Description 

End with any number NolYes Enforces the use of a numeric character as the last 
character of the password. 

The default value is No. 


If this option is set to Yes, it automatically disables all other 
policies that specify what the password should end with. 


End with any symbol Nol Yes Enforces the use of a symbol character as the last character 
of the password. 


The default value is No. 


If this option is set to Yes, it automatically disables all other 
policies that specify what the password should end with. 


Defining the Submit Options 


1 Use the Submit options menu to define how Novell SecureLogin submits the change password 
screen. 


(@ Use these options to tell SecureLogin how to submit the logon screen. The submit action 
~ could be pressing a button. Altematively, SecureLogin may do nothing and allow the user 
to submit the screen. 


e How is the logon screen submitted? 


> The user submits the screen 


> SecureLogin submits the screen 
Configure SecureLogin to click button or type keystrokes. 


1 If you select The user submits the screen, Novell SecureLogin does nothing and the user must 
manually submit the screen. 


2 If you select SecureLogin submits the screen, specify the action that Novell SecureLogin must take 
to submit the screen. 
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& Use these options to tell SecureLogin how to submit the logon screen. The submit action 
-could be pressing a button. Altematively, SecureLogin may do nothing and allow the user 
to submit the screen. 


Login actions 


Im) 


[V] SecureLogin submits the logon screen 
How should SecureLogin submit this screen? 
Click this button: 


© Type the following keystrokes: 


Keystrokes recorded: 
<enter> 


|| Enable action when user cancels to enter their credentials 


You can specify one of the following actions: 


¢ Click this button: Select a button on the application that Novell SecureLogin clicks when a 
user submits the change password screen. Select and highlight the button by dragging the 
Choose & icon to the button you want and clicking Show me. 


+ Type the following keystrokes: Define the commands or keystrokes that Novell 
SecureLogin enters to submit the change password screen. 


To record keystrokes: 
1. Click Start. 
2. Specify the keystrokes. 
3. After you have recorded the keystrokes, click Close. 


+ Re-direct users to this website: Specify a URL to go to after users submit the change 
password screen. 


You can also specify the Novell SecureLogin action when users cancel saveing their 
credentials. For this, select Enable action when user cancels to change their password. You can 
specify one of the following actions: 


¢ Click this button: Select a button on the application that Novell SecureLogin clicks 
when a user submits the screen. Select and highlight the button by dragging the Choose 
& icon to the button you want and clicking Show me. 


+ Type the following keystrokes: Define the commands or keystrokes that Novell 
SecureLogin enters to submit the login screen. 


To record keystrokes: 
1. Click Start. 
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2. Specify the keystrokes. 
3. After you have recorded the keystrokes, click Close. 


Re-direct users to this website: Specify a URL to go to when users cancel the change 
password prompt. 


Defining the Matching Criteria 


Novell SecureLogin must uniquely identify each application screen in order to run an application 
definition. If Novell SecureLogin cannot uniquely identify a particular application screen, you can 
manually define the matching criteria. 


Figure 2-12 Setting the Matching Criteria 


@ SecureLogin must identify each screen uniquely. SecureLogin can identify most screens 
using the infomation already configured. f some screens are too similar, they may be hard 
to distinguish and you may need to define advanced matching rules. 


@ Would you like to define advanced matching rules? 


> No. Use minimal rules based on your previous selections. 


> Yes. Use additional Wizard generated rules. 
Useful if the screen is similar to another SecureLogin enabled 
screen or some controls on screen appear to be dynamically created. 


1 If you select No. Use minimal rules based on your previous selections, Novell SecureLogin uses the 
rules defined in previous attribute panels to identify and handle changing a password. 


2 If you select Use additional Wizard generated rules, you can add, modify, or remove rules. Your 
matching criteria must include at least one rule. After you have selected this option, the 
following screen appears: 
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2.1.4 


@ SecureLogin must identify each screen uniquely. SecureLogin can identify most screens using the 
information already configured. If some screens are too similar, they may be hard to distinguish and you 
may need to define advanced matching rules. 


Additional identification rules 


For SecureLogin to successfully single sign the target window, the 
matching criteria must be correct. Please test after criteria has been 
modified 


Drag the Choose icon onto the target screen to test matching panes 
criteria 


Use Wizard generated rules. 


Item: e Choose W) Show me 


Rules: 


Edit Box "Password:" is matched on existence of the control 

Edit Box “Other field:* is matched on existence of the control 

Button “OK” is matched on existence of the control 

Current Form “Log in” is matched on exact window title and window class 


avant Carm Manmunrd Tant Anclin-ntian® in mat-had an nyuart minda: HHA and uses 


< | m | r 


3 By default, Use Wizard generated rules is selected. The Rules text box lists the controls that are 
detected by Novell SecureLogin. You can add new rule by dragging the Choose & icon toa 
specific control and clicking Show me to confirm that Novell SecureLogin has identified the 
correct control. 


Change Password Notification 


A change password notification is a message that an application displays after the user submits the 
new password. This might be either a confirmation or error message. 


IMPORTANT: A change password notification cannot be created if a change password form is not 
defined. 


The change password notification lets users know whether the password is successfully changed. If a 
change password notification is not defined, Novell SecureLogin prompts the user to verify if the 
password is changed successfully. 


To handle change password notifications, You must complete the following tasks: 


¢ “Identifying the Screens” on page 46 

+e “Defining the Submit Options” on page 46 
¢ “Handling Errors” on page 50 

+ “Defining Matching Criteria” on page 51 
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Identifying the Screens 


Novell SecureLogin must uniquely identify the change password notification screen to handle the 
notification. You can the Identify screen attribute to select or change the notification screen. 


Figure 2-13 The Change Password Notification Screen 


@new ~| Xx 
Gmail: Email from Google 
[E] Logon (i) Appssword nottcation i a message that the 2pptcelion may present after Secisel oon 
E Gmail: Email from Google has submitted the new password. This might be a success or failure message. Use this 
é to select the notification screen. 
Logon Notification phe 
Change Password 
E New Change Password Form : : . . 
\® Change Password Notification Choose the Change Password Notification screen for this application 
B a nee d Notification Form Drag the Choose icon onto the Change Password Notification screen. Choose 


This SecureLogin window will move behind all other 
windows while you select the target screen. 


Screen Title My Account Show me 


< [ m | + | 2 Matching criteria 
= == 


There are incomplete screen attributes that require more information 


1 Select the Change Password Notification screen by dragging the Choose & icon to the screen. The 
title of the screen is displayed. 


2 Click the Show me icon to highlight the selection made by the wizard. 


3 Ifyou select This window is a change password successful notification, you must next define the 
submit options. See “Defining the Submit Options” on page 46. 


4 If you do not select This window is a change password successful notification, define “Handling 
Errors” on page 50. 


Novell SecureLogin updates the credentials for the application immediately after a password is 
changed successfully. It does it either automatically or by asking the user. 


Defining the Submit Options 


1 Use the Submit options to define what to do when the change password notification is displayed. 
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(@ Use these options to tell SecureLogin how to submit the logon screen. The submit action 
caa be oes a button. Altematively, SecureLogin may do nothing and allow the user 
to screen. 


e How is the logon screen submitted? 


> The user submits the screen 


> SecureLogin submits the screen 
Configure SecureLogin to dick button or type keystrokes. 


2 Select The user submits the screen to allow users to handle any change password notification 
screens. 


3 If you select SecureLogin submits the screen, specify what Novell SecureLogin must do to handle a 
change password notification screen. 
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@rew ~| X 
Gmail: Email from Google 
Logon 

E Gmail: Email from Google (7) Line Ieee acter to bl Securlodo lam in niet ee cess paron ioan A 
Logon Notification screen. The submit action could be pressing a button. Altematively, SecureLogin may do = 
Change Password nothing and allow the user to submit the screen 

E New Change Password Form 
ND Change Password Notification 
[@ New Change Password Notification Form Login actions 


m| Other 


SecureLogin submits the screen 
How should SecureLogin submit this screen? 
Click this button: 


Keystrokes recorded: 


<enter> 


© Re-direct the user to this website: 


H There are incomplete screen attributes that require more information 


You can specify one of the following actions: 


¢ Click this button: Select a button on the application that Novell SecureLogin clicks when a 
user submits the screen. Select and highlight the button by dragging the Choose & icon to 
the button you want and clicking Show me. 


+ Type the following keystrokes: Define the commands or keystrokes that Novell 
SecureLogin enters to submit the login screen. 


To record keystrokes: 
1. Click Start. 
2. Specify the keystrokes. 
3. After you have recorded the keystrokes, click Close. 


+ Re-direct the user to this website: Specify a URL to go to when a user cancels the prompt 
for credentials. You can redirect users to the login screen and force them to specify the login 
credentials again. 


NOTE: If the label text for the control is empty or incorrect: 
+ Click Show me to check if the selected control is correct. 


+ If Show me does not highlight the expected control, update it by using the Choose icon or 
by using the Type the following keystrokes option. 
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The Choose icon might not update the label if the application is built without ordering labels 
in accordance with controls. 


¢ Enable action when user cancels to enter their credentials: If you select this option, 
specify what action Novell SecureLogin takes when a user cancels credential entry. 


@uew ~| x 


=) §B Adobe - Sign In 

© E Logon 
[@ Adobe - Sign In i Melee Dee at anger a e ea Eed a (A 

E & Logon Notification has submitted credentials. An example is an emor message displaying incomect a 
[@ New Logon Notification Form premori.. Use this pane to tell SecureLogin how to respond when the logon 

[F] Change Password is presented 
Change Password Notification z 7 

Co othe Notification 


Error Credentials. Please type in correct one 


Which credentials should SecureLogin make available for user update? 
Credentials 
password 
username 


v 


Enable action when user cancels to enter their credentials 


If a user tries to cancel SecureLogin's prompt for credentials, SecureLogin should: 
Click this button: 


© Type the following keystrokes: 


‘ee are incomplete screen attributes that require more information 


You can specify one of the following actions: 


¢ Click this button: Select a button on the application that Novell SecureLogin clicks 
when a cancels the promptfor credentials. Select and highlight the button by dragging 
the Choose & icon to the button you want and clicking Show me. 


+ Type the following keystrokes: Define the commands or keystrokes that Novell 
SecureLogin enters when the user cancels the prompt for credentials. 


To record keystrokes: 
1. Click Start. 
2. Specify the keystrokes. 
3. After you have recorded the keystrokes, click Close. 


+ Re-direct the user to this website: Specify a URL to go to when a user cancels the 
prompt for credentials. You can redirect users to the login screen and force them to 
specify the login credentials again. 
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Handling Errors 


If a change password notification screen does not confirm a password change, you must define rules 
for Novell SecureLogin to handle the notification. 


Figure 2-14 The Change Password Notification Screen 


@ Use these options to tell SecureLogin how to submit the change password notification 
screen. The submit action could be pressing a button. Altematively, SecureLogin may do 
nothing and allow the user to submit the screen 

E New Change Password Form 

K Change Password Notification 

5 aa Change Password Notification Form @ What should SecureLogin do when the password notification is returned? 


> Nothing. Allow user to manage the response 


> Dismiss the notification following configured rules 


1 If you select Nothing. Allow user to manage the response, it displays the notification from the 
application. Users can manage the response. 


2 If you select Dismiss the notification following configured rules, define the action that Novell 
SecureLogin must take. 
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ee 
@new ~| x 
Gmail: Email from Google 
Logon 
& Gmail: Email from Google @ Use these options to tell SecureLogin how to submit the change password notification 
Logon Notification screen. The submit action could be pressing a button. Altematively, SecureLogin may do 
Change Password nothing and allow the user to submit the screen 
E New Change Password Form 
ND Change Password Notification 
_|__ [@ New Change Password Notification Form |! How should error messages be handled? 
i Other 
How should SecureLogin dismiss the notification? 
@ Click this button: 
Button: Save 
© Type the following keystrokes: 
© Re-direct the user to this website: 
After dismissing the notification, SecureLogin will present a custom message to the user. 
Please type your custom message here. 
< [ m j>» 
| 
[ re )[ zst ] 
There are incomplete screen attributes that require more information 


You can do any of the following: 


¢ Click this button: Select a button on the application that Novell SecureLogin clicks when a 


user submits the screen. Select and highlight the button by dragging the Choose & icon to 
the button you want and clicking Show me. 


+ Type the following keystrokes: efine the commands or keystrokes that Novell SecureLogin 


enters to submit the login screen. 
To record keystrokes: 
1. Click Start. 
2. Specify the keystrokes. 
3. After you have recorded the keystrokes, click Close. 


+ Re-direct the user to this website: Specify a URL to go to when a user cancels the 
promptfor credentials. You can redirect users to the login screen and force them to specify 
the login credentials again. 


In the Custom Message text field, specify a custom message to be displayed to the users. 


Defining Matching Criteria 


Novell SecureLogin must uniquely identify each application screen in order to run an application 
definition. If Novell SecureLogin cannot uniquely identify a particular application screen, you can 
manually define the matching criteria. 
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Figure 2-15 Setting the Matching Criteria 


. SecureLogin iA) 
cargued H some screens are too sar, hey may De har = 
and you may need to define advanced matching rules 


@ Would you lke to define advanced matching rules? 


+> No. Use minimal rules based on your previous selections. 


> Yes. Use additional Wizard generated rules. 
Useful if the screen is similar to another SecureLogin enabled 
screen or some controls on screen appear to be dynamically created. 


1 If you select No. Use minimal rules based on your previous selections, Novell SecureLogin uses the 
rules defined in previous attribute panels to identify and handle an application. 


2 If you select Yes. Use additional Wizard generated rules, you can add, modify, or remove rules. 
Your matching criteria must include at least one rule. After you have selected this option, the 
following screen appears: 
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@yew ~| x 
Gmail: Email from Google 


(i) Scourol ogi mus kanif each nomen unit SecureLogin can identify most screens using the 

E New Change Password Form information already configured. If some screens are too similar, they may be hard to distinguish and you 
ND Change Password Notification matching rules. 
(©) New Change Password Notification Form 
E other 


may need to define advanced 


Additional identification rules 

For SecureLogin to successfully single sign the target window, the 
matching criteria must be correct. Please test after criteria has been 
modified 


Drag the Choose icon onto the target screen to test matching 
criteria 


[V] Use Wizard generated rules. 


Item: 


Rules: 
Button "Save" is matched on exact name Add 
Current Form "My Account" is matched on exact domain | au | 


| Remove 


By default, Use Wizard generated rules is selected. The Rules text box lists the controls detected by 
Novell SecureLogin. You can add a new rule by dragging the Choose & icon to a specific control 
and clicking Show me to confirm that Novell SecureLogin has identified the correct control. 


To modify a rule for a control: 


1 Select the rule you want to edit, then click Configure more detailed match for this control 
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E Gmail: Email from Google 
Logon Notification 

Change Password 

E New Change Password Form 

| NW Change Password Notification 

E New Change Password Notification Form 
B Other [My use Wizeru yener awu rues. 


@ SecureLogin must identify each screen uniquely. SecureLogin can identify most screens using the 
information already configured. if some screens are too similar, they may be hard to distinguish and you 
may need to define advanced matching rules. 


Item: 


v 


What should SecureLogin match 
Match Type: 
SecureLogin is to match value displayed 


2 Define what Novell SecureLogin must match. You can set the following matching rule: 


¢ SecureLogin is to match value displayed: If you select this option, Novell SecureLogin 
only matches those screens that exactly match the displayed text and rules identified. 


To test a regular expression: 


1 Click Test Match to verify if your regular expression is correct. If a regular expression does not 
match any control on the application screen, Novell SecureLogin prompts you to verify your 
regular expression and select the correct control. 


To delete a rule: 


1 Select the rule, then click Remove. 


2.1.5 Other 


Use Other menu to define rules for the application definition to handle any other application screens, 
such as splash screens, automating menu navigation, or redirecting users to a Web site. To handle 
such screens, You must complete the following tasks: 

¢ “Identifying the Screen” on page 55 

¢ “Identifying the Fields” on page 55 

+ “Defining the Submit Options” on page 56 

+ “Defining Matching Criteria” on page 59 
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Identifying the Screen 
Novell SecureLogin identifies a login screen for which you want to create an application definition. 


1 You can use the Identify screen attribute to select or review the login screen selected by the 
wizard. 


2 Select the login screen by dragging the Choose & icon to the login screen or by recording 
keystrokes. The title of the login screen is displayed. 


3 Click the Show me icon to highlight the selection made by the wizard. 


Identifying the Fields 


By default, Novell SecureLogin does not select any fields on the screen. You must define the selection. 


NOTE: If the screen you have selected does not contain any controls, Identify fields is automatically 
selected. 


Figure 2-16 Selecting a Screen 


E new -| x ae : : pain 7 me 

(i) To modify the single sign-on settings for this application, navigate the tree in the Application windows a 
Gmail: Email from Google pane on the left and select or expand a window type. Here you can create a new definition or 
[= Logon delete existing definitions. Use the toolbar buttons or right-click a definition in the tree to see a menu 
© Gmail: Email from Google gte i 
Logon Notification 
Change Password 
E New Change Password Form (a) Choose the Other screen for this application 
NW Change Password Notification 


E New Change Password Notification Form > Create a new Other screen definition 


Other 


1 After selecting a screen, define what Novell SecureLogin must do when it detects any fields on 
the screen. 
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E new -| x 
=) T Amazon.com - Your Account 
=] E Logon 
E Amazon.com - Your Account @ SecureLogin needs to identify the fields used to logon to this application. The first 
Logon Notification fields on this pane are credential input fields, such as usemame and password. You 
Change Password might also want to configure more fields that exist on the logon screen. However, you 
Change Password Notification may also decide that SecureLogin is not required to handle any logon fields on this 
a Other 


[@ New Other Generic Form @ Should SecureLogin take action on any of the fields detected on this screen? 


> No. I want to configure only the submit action 


> Yes. I want to select and configure fields 
SecureLogin will need to know more information to do this 


(Help) [test] 
There are incomplete screen attributes that require more information 


2 If you select No. I want to configure only the submit action, define only the submit options. 
Continue with “Defining the Submit Options” on page 56 to define the submit options. 


3 If you select Yes, I want to select and configure fields, then you must identify the controls you want 
Novell SecureLogin to handle and the actions it should take. The actions that can be taken 
depend on the control types that are identified. 


Defining the Submit Options 


1 Use the Submit option menu to define how Novell SecureLogin must submit the login screen. 
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& Use these options to tell SecureLogin how to submit the logon screen. The submit action 
~ could be pressing a button. Altematively, SecureLogin may do nothing and allow the user 
to submit the screen. 


e How is the logon screen submitted? 


> The user submits the screen 


> SecureLogin submits the screen 
Configure SecureLogin to dick button or type keystrokes. 


2 If you select The user submits the screen, Novell SecureLogin does nothing and the user must 
manually submit the login screen. 


3 If you select SecureLogin submits the screen, specify the action that Novell SecureLogin must take 
to submit the login screen. 
You can specify one of the following actions: 


¢ Click this button: Select a button on the application that Novell SecureLogin clicks when a 
user submits the screen. Select and highlight the button by dragging the Choose & icon to 
the button you want and clicking Show me. 


+ Type the following keystrokes: Define the commands or keystrokes that Novell 
SecureLogin enters to submit the login screen. To record keystrokes: 
1. Click Start. 
2. Specify the keystrokes. 
3. After you have recorded the keystrokes, click Close. 


¢ Re-direct the user to this website: Specify a URL to go to when a user cancels the prompt 
for credentials. You can redirect users to the login screen and force them to specify the login 
credentials again. 

¢ Enable action when user cancels to enter their credentials: If you select Enable action when 
user cancels to enter their credentials, specify what action Novell SecureLogin takes when a 
user cancels to enter their credentials. 
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Figure 2-17 Defining Action When User Cancels Prompt for Credentials 


SecureLogin =] 
Application Screens New Logon Notification Form 
@new ~ | x T Identify screen A 
nace all 
= fe) Logon 
[@ Adobe -Sign In @ Alogon notification is a message that the application may present after SecureLogin a PR 
= (@ Logon Notification -has submitted credentials. An example is an emor message displaying incorect 
[@ New Logon Notification Form password. Use this pane to tell SecureLogin how to respond when the logon 
[F Change Password notification is presented iM 
S Change Password Notification Notification 5 
Other 


Error Credentials. Please type in correct one 


Which credentials should SecureLogin make available for user update? 
Credentials 

password 

[username 


[V Enable action when user cancels to enter their credentials 


If a user tries to cancel SecureLogin's prompt for credentials, SecureLogin should: 


m. 


Type the following keystrokes: 


© Re-direct the user to this y 


Type the URL: 
http:// 


Q Submit options 
T Matching criteria 


[Hep Test (96) (cancel) (Apa 


There are incomplete screen attributes that require more information 


You can specify one of the following actions: 


+ Click this button: Select a button on the application that Novell SecureLogin clicks 
when a cancels the prompt for credentials. Select and highlight the button by dragging 
the Choose & icon to the button you want and clicking Show me. 


+ Type the following keystrokes: Define the commands or keystrokes Novell 
SecureLogin enter when user cancels the prompt for credentials. To record keystrokes: 


1. Click Start. 
2. Specify the keystrokes. 
3. After you have recorded the keystrokes, click Close. 


+ Re-direct the user to this website: Specify a URL to go to when a user cancels the 
prompt for credentials. You can redirect users to the login screen and force them to 
specify the login credentials again again. 


If you select this option, you must also specify the action Novell SecureLogin when users 
cancel when prompted to save their credentials. You can specify one of the following 
actions: 


¢ Click this button: Select a button on the application that Novell SecureLogin clicks 
when a user submits the screen. Select and highlight the button by dragging the Choose 
& icon and clicking Show me. 


+ Type the following keystrokes: Define the commands or keystrokes that Novell 
SecureLogin enters to submit the login screen. To record keystrokes: 


1. Click Start. 
2. Specify the keystrokes. 
3. After you have recorded the keystrokes, click Close. 
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¢ Re-direct the user to this website: Specify a URL to go to when a user cancels the prompt 
for credentials. You can redirect users to the login screen and force them to specify the login 
credentials again. 


Defining Matching Criteria 


Novell SecureLogin must uniquely identify each application screen in order to run an application 
definition. If Novell SecureLogin cannot uniquely identify a particular application screen, you can 
manually define the matching criteria. 


1 If you select No. Use minimal rules based on your previous selections, Novell SecureLogin uses the 
rules defined in previous attribute panels to identify and handle an application. 


2 Ifyou select Yes. Use additional Wizard generated rules, you can add, modify, or remove rules. Your 
matching criteria must include at least one rule. After you have selected this option, the 
following screen appears: 


3 By default, Use Wizard generated rules is selected. The Rules text box lists the controls that are 
detected by Novell SecureLogin. You can add new rule by dragging the Choose & icon toa 


specific control and clicking Show me to confirm that Novell SecureLogin has identified the 
correct control. 


To modify a rule for a control: 


3a Select the rule you want to edit, then click Configure more detailed match for this control. 


EN 
K 


@ SecureLogin must identify each screen uniquely. SecureLogin can identify most screens using the 
information already configured. If some screens are too similar, they may be hard to distinguish and you 
may need to define advanced matching rules. 


Item: Button "OK" Choose Show me 


Rules: 5 > 

Edit Box "Password;” is matched on existence of the control 

Edit Box “Other field:” is matched on Edit Box label 

Button "OK" is matched on Button label 

Current Form “Log in” is matched on exact window title and window class 
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[V] Configure more detailed Match for this control 


[V] Title | Ok 


What should SecureLogin match 
Match Type: 
|SecureLogin is to match value displayed 


3b Define what Novell SecureLogin must match. You can set one of the following matching 
rules: 


+è SecureLogin is to match value displayed: f you select this option, Novell SecureLogin 
only matches those screens that exactly match the displayed text and rules identified. 
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2.3 


+ SecureLogin is to match specific part of the identified ctrl: If you select this option, 
you must use a regular expression to define and match the screen features. You cannot 
use special characters in a regular expression. 


3c Click Test Match to verify if your regular expression is correct. 


If a regular expression does not match any control on the application screen, Novell 
SecureLogin prompts you to verify your regular expression and select the correct control. 


To delete a rule: 


1 Select the rule, then click Remove. 


Attributes Pane 


The Attributes pane is displayed on the right side of the Application Definition Wizard interface. The 
attributes of the application definition for the selected screen are detailed in the Attributes pane. The 
attributes displayed are in relation to the selections made in the Application Screens pane. 


Figure 2-18 The Attributes Pane 


If the Application Definition Wizard opens automatically after detecting a login screen, it opens the 
Credential Source menu. Otherwise, it opens the Identify screen menu. 


When you are building an application definition, the Attributes pane can be opened in a top-to- 
bottom order. You must complete each menu. After you successfully complete each menu, it is 


marked with a check mark st. 


Each menu in the Attribute pane has a description of the menu item. If you have not completed a 
menu, you are prompted to complete it before continuing to the next menu item. 


General Controls and Messages 


The General controls and messages are located at the end of the Application Definition Wizard page. 
Clicking Test, OK, or Apply synchronizes your data and saves it to the directory. 


+ Section 2.3.1, “Help,” on page 61 
¢ Section 2.3.2, “Test,” on page 61 
¢ Section 2.3.3, “OK,” on page 61 
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2.3.1 


2.3.2 


2.3.3 


2.3.4 


2.3.9 


2.4 


è Section 2.3.4, “Apply,” on page 61 
+ Section 2.3.5, “Cancel,” on page 61 


Figure 2-19 The General Controls and Messages 


[Hep] [Test OK || Cancel || _ Apply | 


Help 


1 Click Help to launch the help integrated with Novell SecureLogin. Alternatively, you can launch 
the help file by pressing F1. 


Test 


1 After you have created an application definition, click Test to test it . You should create and test 
an application definition by using a test account before distributing it. 


For details on testing an application definition, refer to Chapter 3.6, “Testing Application 
Definitions,” on page 98. 


OK 


1 Click OK to save the changes made to the application definition and close the wizard. 


Apply 


1 Click Apply to save the changes you have made to the application definition and leave the 
wizard open for further editing. 


Cancel 


Click Cancel to cancel creating or editing the application definition. Clicking Cancel closes the 
Application Definition Wizard without saving any changes you have made. Unsaved changes are 
lost. 


Selecting and Identifying Screens and Controls 


You can identify the controls of an application by dragging the Choose & icon to the fields within the 
application. The wizard moves behind the all the other windows and allows you to choose the correct 
field. 


To confirm if the fields are identified correctly, click Show me. It highlights the identified fields. 


Understanding the Application Definition Wizard Interface 61 


62 


2.5 


Figure 2-20 Identifying the Control 


(@ SecureLogin needs to identify the fields used to logon to this application. The first a 

~ fields on this pane are credential input fields, such as usemame and password. You 
might also want to configure more fields that exist on the logon screen. However, you 
may also decide that SecureLogin is not required to handle any logon fields on this = 


E-mail Address 
testaccount 


Password: 


Password: Choose 


Treat fi 


Forgot Your Password? 
[E] Navigate to field using keystrokes 
Your Other Accounts 


Your Seller Account 
Type the text that SecureLogin presents when prompting for username and password. 
Prompt: 

Please edit your login variables. a Corporate Account 


Web Services Account 


Your Trade-In Account 


m 


Amazon Payments 
Account 


V Alles (seli vour sut 


Novell SecureLogin detects most standard user interface elements. If an application uses a non- 
standard framework, the Application Definition Wizard does not select or highlight the controls. 


For example, you cannot enable single sign-on for applications that are built in on a non-native UI 
framework such as Microsoft .NET framework, Gecko, and Qt*. Similarly, applications such as 
Mozilla* Thunderbird* 2.0.0.18 and Novell iFolder® cannot be enabled for single sign-on by using the 
wizards. The wizard fails to detect the control to enable these applications. However, you can enable 
single sign-on for these applications without using the wizard. 


For such applications, you must identify the fields by recording keystrokes, as described in 
Section 2.5, “Recording Keystrokes,” on page 62. 


Recording Keystrokes 


Novell SecureLogin can record keystrokes to facilitate navigation or to enter particular commands. If 
you have difficulty in identifying the screen or if the application does not detect the screen, select 
Navigate to field using keystrokes. 


IMPORTANT: You cannot record the following keystrokes. They are reserved by Windows. 


¢ Ctrl+Esc: This posts a journal quit message. 
¢ Ctrl+Alt+Del: This posts a journal quit message. 
+ Ctrl+Break:his is part of the journal quit code. 


+ Ctrl+Shift+Esc: This cancels the collection of keystrokes. 


You cannot type directly in the Navigate to field by using keystrokes, because the fielddisplays only 
recorded keystrokes. 
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2.6 


To record keystrokes: 


1 Click Start. 
2 Specify the keystrokes. 


3 After you have recorded the keystrokes, click Close. The dialog box closes and returns you to the 
Application Definition Wizard. 


If you make a mistake in recording the keystrokes, repeat the procedure. 


Using Regular Expressions 


Some dialog boxes in Novell SecureLogin allow you to specify text to identify an application screen. 
The SecureLogin needs to match option allows you to use regular expressiona as another way to 
uniquely identify a particular application screen. 


Regular expressions are text patterns that are used for string matching. They contain a mix of plain 
text and special characters to indicate what kind of matching to do. 


If your regular expression does not match any controls on the particular application screen, Novell 
SecureLogin prompts you to check your regular expression and ensure the correct control is selected. 
You might need to skip special characters in your regular expression. 


You can specify a regular expression such as: 
Connecting to server (.*) 


The (.*) specifies the value that must be captured to define the credentials. You can have one 
credential set for each regular expression value. 
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3.1 


Using the Application Definition Wizard 


Novell SecureLogin 7.0 introduces an enhanced administrative wizard that offers an improved 
wizard engine and provides an unified and intuitive process that helps you manage different 
application types. 


You use the Application Definition Wizard to define how Novell SecureLogin behaves when you 
select an application for single sign-on. 


The following sections provide information on using the Application Definition Wizard to create 
application definitions for Web, Windows, and Java applications. 


+ 


+ 


+ 


+ 


Section 3.1, “Launching the Application Definition Wizard,” on page 65 
Section 3.2, “Creating an Application Definition for a Web Application,” on page 67 
Section 3.3, “Creating an Application Definition for a Windows Application,” on page 77 


Section 3.4, “Creating an Application Definition for a Java Application or an Oracle Form,” on 
page 86 


Section 3.5, “Using a Predefined Application Definition,” on page 93 
Section 3.6, “Testing Application Definitions,” on page 98 
Section 3.7, “Deploying Application Definitions,” on page 101 


Section 3.8, “Configuring Notifications,” on page 101 


Launching the Application Definition Wizard 


If Novell SecureLogin is active on your workstation and if you have permission to create an 
application definition, the following prompt appears when you launch an application. 


Figure 3-1 Prompt to Enable Single Sign-On 


e Do you want to single sign enable the screen? 


+> Yes, I want to single sign using the default selections done by the wizard. 
+> Yes, I want to single sign enable the screen using the wizard. 
> Cancel, I do not want to single sign this screen at this time. 


> No, Never prompt me to single sign this screen. 
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Typically, the wizard launches when it detects a new login screen. However, you can also create or 
modify application definitions by using the wizard to automate handling the notification screens. 
You can do this in one of the following ways: 


è Section 3.1.1, “Automatically Launching the Wizard,” on page 66 
¢ Section 3.1.2, “Launching the Wizard through the Add Application Menu,” on page 66 


3.1.1 Automatically Launching the Wizard 


If the Wizard option is enabled, Novell SecureLogin automatically prompts you to use the wizard to 
create an application definition for the application. This is determined by the Wizard mode 
preference as described in Chapter 5, “Setting the Wizard Mode Preference,” on page 123. 


The auto-detection dialog box does not appear if the Application Definition Wizard or the 
administrative management utilities are open. 


Figure 3-2 Detecting Applications for Single Sign-On 


e Do you want to single sign enable the screen? 
i +> Yes, I want to single sign using the default selections done by the wizard. 
+> Yes, I want to single sign enable the screen using the wizard. 
+ Cancel, I do not want to single sign this screen at this time. 


+> No, Never prompt me to single sign this screen. 


3.1.2 Launching the Wizard through the Add Application Menu 


1 Right-click the Novell SecureLogin icon on the notification area (system area), then select Add 
Application. 


Add Application 
Manage Logins 


New Login 
Advanced > 


vV Active 
About 


Log Off User 


Close 


2 The Add an Application Definition dialog box appears, prompting you to drag the Choose 
icon to the application’s login window. 
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3.2 


3.2.1 


3.2.2 


4 


SecureLogin Ba 


(= Add an application definition 


Drag the Choose icon onto the application's login window. Choose 


This SecureLogin window will move behind 
all other windows while you choose the target window. 


+ Cancel, I do not want to create a new definition. 


3 Select No, I do not want to edit the existing application definition if you do not want to modify the 
existing application definition. 


Creating an Application Definition for a Web Application 


A Web application is an application that runs on a Web browser. You can create an application 
definition for a Web application by accepting the default selections in the wizard, or you can 
manually select the attributes required for the application definition. 

¢ Section 3.2.1, “Prerequisites,” on page 67 

+ Section 3.2.2, “Using the Default Selections for an Application Definition,” on page 67 

è Section 3.2.3, “Manually Defining the Attributes for an Application Definition,” on page 70 


Prerequisites 


+ Close all open Novell SecureLogin prompts. 


¢ Verify if you have permissions to create an application definition. See Chapter 5, “Setting the 
Wizard Mode Preference,” on page 123. 


¢ Ensure that Novell SecureLogin is running on your workstation. 


Using the Default Selections for an Application Definition 


1 Ensure that you have completed the prerequisites in Section 3.2.1, “Prerequisites,” on page 67. 
2 Launch the Web application for which you want to enable single sign-on. 


Novell SecureLogin detects the application and prompts you to enable single sign-on. 
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Do you want to single sign enable the screen? 


+> Yes, I want to single sign using the default selections done by the wizard. 
+> Yes, I want to single sign enable the screen using the wizard. 
> Cancel, I do not want to single sign this screen at this time. 


> No, Never prompt me to single sign this screen. 


3 Select Yes, I want to single sign using the default selections done by the wizard. 


The Enter your Credentials dialog box is displayed. 


' Enter your credentials = 
f™ Novell l 
7 SecureLogin, N 


Please edit your login variables. 


4 Specify your credentials, then click OK. 


Novell SecureLogin saves your credentials in the directory. The next time you launch the 
application, Novell SecureLogin provides the credentials for you. 


Example: Using the Default Selections to Enable Yahoo! Mail for Single Sign-On 


1 Ensure that you have completed the prerequisites in Section 3.2.1, “Prerequisites,” on page 67. 
2 Launch Yahoo!* Mail. 


Novell SecureLogin detects the application and prompts you to enable it for single sign-on. 
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SecureLogin 
SecureLogin has detected a password field on this screen 


Window Title: Yahoo! Mail: The best web-based email! Show me 


Application URL |ogin. yahoo.com 


e Do you want to single sign enable the screen? 


> Yes, I want to single sign using the default selections done by the wizard. 
> Yes, I want to single sign enable the screen using the wizard. 
+% Cancel, I do not want to single sign this screen at this time. 


> No, Never prompt me to single sign this screen. 


3 Select Yes, I want to single sign using the default selections done by the Wizard . 
The Enter your credentials dialog box is displayed. 
4 Specify your Yahoo! ID and password. 


Enter your credentials rx 


f™ Novell , 
7 SecureLogin, 


Please edit your login variables. 


= 


Lok] cca | 


5 Click OK. 
If you have specified the correct credentials, you are logged in to Yahoo! Mail. 


For subsequent logins, Novell SecureLogin provides the credentials and logs in. 
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3.2.3 Manually Defining the Attributes for an Application Definition 


1 Ensure that you have completed the prerequisites in Section 3.2.1, “Prerequisites,” on page 67. 
2 Launch the Web application for which you want to create an application definition. 


Novell SecureLogin detects the application and prompts you to enable the screen for single sign- 
on. 


e Do you want to single sign enable the screen? 
l +> Yes, I want to single sign using the default selections done by the wizard. 
+> Yes, I want to single sign enable the screen using the wizard. 
> Cancel, I do not want to single sign this screen at this time. 


> No, Never prompt me to single sign this screen. 


3 Select Yes, I want to single sign enable the screen using the wizard. The Application Definition 
Wizard page is displayed. 


4 Configure the following attributes to create an application definition. 
¢ “Identifying the Screens” on page 70 

¢ “Specifying the Credentials Source” on page 71 

¢ “Identifying the Fields” on page 72 

¢ “Specifying Reauthentication Rules” on page 74 

+ “Defining the Submit Options” on page 75 

+ “Defining the Matching Criteria” on page 76 


Identifying the Screens 


Use the Identify screen tab to identify the login screen. If the Application Definition Wizard identifies 


the login screen correctly, a check mark A displays next to Identify screen. Click Show me to verify if 
the screen is correctly identified. 


Figure 3-3 Identifying the Login Screen 


Choose the logon screen for this application 


Drag the Choose icon onto the logon screen. Ri Choose 


This SecureLogin window will move behind all other 
windows while you select the target screen. 


Screen Title Google Talk Show me 


If the screen is not correctly identified, drag the Choose & icon to the login screen to select it. 
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Specifying the Credentials Source 


Use the Credential source tab to define the source of the credentials for the applications. 


Some applications use their own credential set to log in. However, some applications might reuse 
credentials from another source, such as the user's network password or a one-time password. 


Figure 3-4 Specifying the Credential Source 


e Which credentials should this application use? 


+ This application's own credential set 


> Other... 


Application re-uses credentials from another source such as network login credentials 
or a related application 


1 Select This application's own credential set to use the application's credential set to log in. If you 
select this option, Novell SecureLogin creates a discrete set of credentials to enable the 
application. The credential set has the name of the application. 


2 Select Other to define another source of credentials. If you select this option, select the source of 
credentials for the application. 


The options for the credential source are: 
e “Using a One-Time Password” on page 72 
+ “Using the User’s Network Login Credentials” on page 72 
+ “Using Credentials from Another Single Sign-On-Enabled Application” on page 72 


¢ “Selecting Credentials Based on a Value Identified on the Screen” on page 72 


Where wil credentials for this application come from? 
|| This application requires other credential source 
) A one-time password from a smartcard 
D The user's network login credentials 
Ð Another SecureLogin enabled applicaton 


D SecureLogin selects credentials based on a value identified on this screen 
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Using a One-Time Password 


1 Select A one-time password from a smart card to use a one-time password from a smart card. 


Using the User’s Network Login Credentials 


1 Select The user's network logon credentials to use the user's directory credentials to log in. 


Using Credentials from Another Single Sign-On-Enabled Application 


1 Select Another SecureLogin enabled application to use the credentials of another application enabled 
for single sign-on. Select the application from a list of available applications enabled for Novell 
SecureLogin. 


Selecting Credentials Based on a Value Identified on the Screen 


1 Select SecureLogin selects credentials based on a value identified on this screen to provide the 
credentials based on the presence of a particular value on the login screen. This option uses a 
text entry. Regular expressions are supported in the text entry. 


For example; 
Connecting to server (.*) 


where (.*) specifies the value that must be captured to define the credentials. 


Identifying the Fields 


Novell SecureLogin must identify the fields on the login screen before it can log in to the application. 
Typically, these are the username and password fields. You can also configure fields such as radio 
buttons or edit boxes on the login screen. Use the Identify fields menu to view the selected field. 


Figure 3-5 Selecting or Reviewing the Login Fields 


Do you want to select or review logon fields for SecureLogin 
to handle? 


> No. SecureLogin is not required to handle the fields on this screen. 


> Yes. Let me select or review the logon fields. 
SecureLogin will need to know more information to do this. 


e “Not Allowing Novell SecureLogin to Handle the Fields” on page 72 
e “Reviewing the Fields” on page 73 
e “Reviewing Other Fields” on page 74 


Not Allowing Novell SecureLogin to Handle the Fields 
1 Select No. SecureLogin is not required to handle the fields on this screen if you do not want Novell 
SecureLogin to handle the login fields on the screen. 


You can use this option to create a credential set, which can be used with other application 
screens. Similarly, you can use the credential set to link to other application definitions and use 
to identify the application screens. 
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Reviewing the Fields 


1 Select Yes. Let me select or review the logon fields to review the fields selected by the wizard . By 
default, Novell SecureLogin uses the field names as the prompts in the dialog boxes. You can 
edit the field names to make them clear and user-friendly. 


2 Ifthe login fields are not identified correctly, identify them manually by dragging the Choose 
icon to the fields and clicking the Show me icon. The selected fields are highlighted. 


(@ SecureLogin needs to identify the fields used to logon to this application... 


[7] Select or review logon fields. 


Username: 
Yahoo! ID; Yahoo! ID: Fi Choose 


[E] Treat field as sensitive field 
[E] Navigate to field using keystrokes 


Password: 
Password: Password: 
|/| Treat field as sensitive field 
[F] Navigate to field using keystrokes 


Type the text that SecureLogin presents when prompting for username and password, 


Please edit your login variables. 


3 If Show me does not highlight the correct control, update it by dragging and dropping the Choose 
icon to the button you want. 


or 
Use the Navigate to field using the keystrokes option: 
3a Click Start. 
3b Specify the keystrokes. 
3c Select Close to return to the Identify fields menu. 
3d Select Stop to stop the recording. 
The next time you log in to the application, the keystrokes are used to log in. 


4 Select Treat text field as a sensitive field to treat the username field like a password field and 
disguise the characters with asterisks. This is optional for the username but mandatory for the 
password. 
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5 (Optional) Specify the text that Novell SecureLogin presents when prompting the user for 
username and password. 


Type the text that SecureLogin presents when prompting for username and password. 


Prompt: 
Please edit your login variables. a 


Reviewing Other Fields 


1 Click All fields to show other fields detected by the wizard on the login screen. Each control is 
listed by type and name (if known). 


Select the field you want Novell SecureLogin to use in managing the login for the application, 
then specify the actions for Novell SecureLogin. 


^) Allfields 


Check each field you would like SecureLogin to indude in the logon for this application. 


(V| EditBox | Yahoo! ID: | Show me 
V| EditBox | Password: | jo) Show me 
[V] CheckBox | Keep me signed in for 2 weeks unless I sign out. Info | Show me 


What should SecureLogin do with this field? 
Action: 
(Use the value selected below for allusers ~ | 


m 


Select a value for the checkbox: 
(unchecked z) 


Depending on the application, any or all of the following fields are displayed. 
¢ Edit box 
+ Check Box 
+ Combo Box 
¢ Radio Button 


For information on configuring Novell SecureLogin to use these additional fields, refer “All 
Fields” on page 17. 


Specifying Reauthentication Rules 


1 Use the Re-authentication menu to specify if users must reauthenticate with their network 
credentials or an authentication device. 


2 Ifyou select No. The user is not required to re-authenticate, Novell SecureLogin does not prompt 
users to reauthenticate before providing credentials to the application. 
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3 Ifyou select Yes. Enforce re-authentication before accessing this application, users must specify 
credentials in order to reauthenticate. 


4 From the Select from the methods detected drop-down list, select the method Novell SecureLogin 
must use. You can select from: 


+ Use same Credentials as Network Login: Use the network login credentials. 
¢ Default: The method the user used to log in to the application. 
¢ Password: The network password. 


+ Smart Card: After the PIN is verified, Novell SecureLogin checks to see if the smart card 
belongs to the user or not. 


5 You must also specify the action Novell SecureLogin takes when the users cancels the 
reauthentication. 


You can define one of the following actions: 


¢ Click this button: Select a button on the application that Novell SecureLogin clicks when a 
user cancels the reauthentication dialog box. Select the button by dragging the Choose & 
icon to the button you want and clicking Show me. 


+ Type the following keystrokes: Define the commands or keystrokes Novell SecureLogin 
enters when a user clicks Cancel in the reauthentication dialog box. To record keystrokes: 


1. Click Start. 
2. Specify the keystrokes. 
3. After you have recorded the keystrokes, click Close. 


+ Re-direct the user to this website: Specify a URL to go to when a user cancels the prompt 
for credentials. You can redirect users to the login screen and force them to specify the login 
credentials again. 


Defining the Submit Options 


1 Use the Submit options menu to define how Novell SecureLogin submits the login screen. 


2 If you select The user submits the screen, Novell SecureLogin does nothing and the user must 
manually submit the login screen. 


e How is the logon notification screen submitted? 


> The user submits the screen 


> SecureLogin submits the screen 
Actions to be taken to complete the notification 


3 Ifyou select SecureLogin submits the screen, specify the action Novell SecureLogin takes to submit 
the login screen. 


You can specify one of the following actions: 


+ Click this button: Select a button on the application that Novell SecureLogin clicks when a 
user submits the screen. Select the button by dragging the Choose & icon to the button you 
want and clicking Show me. 
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+ Type the following keystrokes: Define the commands or keystrokes Novell SecureLogin 
enters to submit the login notification screen. To record keystrokes: 


1. Click Start. 
2. Specify the keystrokes. 
3. After you have recorded the keystrokes, click Close. 


+ Re-direct the user to this website: Specify a URL to go to when a user submits the login 
notification screen. 


4 You can also specify the action Novell SecureLogin uses when users cancel a prompt to save 
their credentials. For this, select Enable action when user cancels to change their password. 


You can specify one of the following actions: 


+ Click this button: Select a button on the application that Novell SecureLogin clicks when a 
user submits the screen.Select the button by dragging the Choose & icon to the button you 
want and clicking Show me. 


+ Type the following keystrokes: Define the commands or keystrokes Novell SecureLogin 
enters to submit the login screen. To record keystrokes: 


1. Click Start. 
2. Specify the keystrokes. 
3. After you have recorded the keystrokes, click Close. 


+ Re-direct users to this website: Specify a URL to go to when users cancel the change 
password prompt. 


Defining the Matching Criteria 


Novell SecureLogin must uniquely identify each application screen in order to run an application 
definition. If Novell SecureLogin cannot uniquely identify a particular application screen, you can 
manually define the matching criteria. 


1 Use the Matching criteria menu to define the matching criteria. 


2 If you select No. Use minimal rules based on your previous selections, Novell SecureLogin uses the 
rules defined in previous attribute panels to identify and handle the password change. 


3 Ifyou select Yes. Use additional Wizard generated rules, you can add, modify, or remove rules. Your 
matching criteria must include at least one rule. After you select this option, the following screen 
appears: 


4 By default, Use Wizard generated rules is selected. The Rules text box lists the controls that are 
detected by Novell SecureLogin. You can add new rule by dragging the Choose @ icon toa 
specific control and clicking Show me to confirm that Novell SecureLogin has identified the 
correct control. 


To modify a rule for a control: 
4a Select the rule you want to edit, then click Configure more detailed match for this control 
4b Define what Novell SecureLogin must match. You can set the following matching rule: 


+è SecureLogin is to match value displayed: If you select this option, Novell 
SecureLogin only matches those screens that exactly match the displayed text and 
rules identified. 
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3.3 


3.3.1 


3.3.2 


To verify if your regular expression is correct: 


1 Click Test Match. 


If a regular expression does not match any control on the application screen, Novell SecureLogin 


prompts you to verify your regular expression and select the correct control. 
To delete a rule: 
1 To delete a rule, select the rule, then click Remove. 


You have successfully completed creating an application definition for a Web application. The next 
time you launch the application, Novell SecureLogin provides the credentials for you. 


Creating an Application Definition for a Windows 
Application 


A Windows application is any application that is launched with an executable (. exe) file. 


You can create an application definition for a Windows application by accepting the default 
selections in the wizard, or you can manually select the attributes you want. 


¢ Section 3.3.1, “Prerequisites,” on page 77 
+ Section 3.3.2, “Using the Default Selections to Create an Application Definition,” on page 77 
+ Section 3.3.3, “Manually Defining the Attributes for an Application Definition,” on page 80 


Prerequisites 


+ Close all open Novell SecureLogin prompts. 


¢ Verify if you have permissions to create application definition. See Chapter 5, “Setting the 
Wizard Mode Preference,” on page 123. 


¢ Ensure that Novell SecureLogin is running on your workstation. 


Using the Default Selections to Create an Application Definition 


1 Ensure that you have completed the prerequisites in Section 3.3.1, “Prerequisites,” on page 77. 
2 Start a Windows application for which you want to create an application definition. 


Novell SecureLogin detects a login screen and displays the following prompt: 


e Do you want to single sign enable the screen? 
l + Yes, I want to single sign using the default selections done by the wizard. 
+ Yes, I want to single sign enable the screen using the wizard. 
+ Cancel, I do not want to single sign this screen at this time. 


> No, Never prompt me to single sign this screen. 


Using the Application Definition Wizard 


3 Select I want to single sign the screen using the predefined application definition. 


Novell SecureLogin identifies the application and displays the name of the application in the 
prompt. 


4 You are prompted to specify the credentials for the application. Specify the username, password, 
and any other information required. 


"Enter your credentials Ea 
f™ Novell : 
7 SecureLogin. N 


Please edit your login variables. 


TT 
Password: 


5 Click OK. 
Novell SecureLogin saves your credentials and uses them to log in to the application. 


The next time you launch the application, Novell SecureLogin provides the username and 
password for you. 


Example: Using the Default Selections to Create an Application Definition for 
Google Talk 


The following example demonstrates creating an application definition for Google* Talk*. 
This procedure assumes that you already have a Google account. 


1 Ensure that you have completed the prerequisites in Section 3.3.1, “Prerequisites,” on page 77. 
2 Launch Google Talk. 
Novell SecureLogin detects the application and the Novell SecureLogin dialog box is displayed. 
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G 


SecureLogin | 


© SecureLogin has detected a password field on this screen 


Window Title: Google Talk Show me 


Application EXE googletalk.exe 


Do you want to single sign enable the screen? 


+> Yes, I want to single sign using the default selections done by the wizard. 
+> Yes, I want to single sign enable the screen using the wizard. 


> Cancel, I do not want to single sign this screen at this time. 


> No, Never prompt me to single sign this screen. 


3 Select I want to single sign the screen using the default selections done by the wizard. 
The Enter your Credentials dialog box is displayed. 


4 Specify your username and password, then click OK. 


Enter your credentials 


f™ Novell ’ 
7 SecureLogin, N 


Please edit your login variables. 


Novell SecureLogin saves the credentials and uses them to log in to you Google Talk. 
5 Test the application definition by logging out and logging in again. 


If the application is defined correctly with the correct credentials, you are logged in successfully. 
If your login is not successful, delete the application definition and repeat the above steps. You 
might also need to review the application definition for event responses and errors. 
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3.3.3 Manually Defining the Attributes for an Application Definition 


1 Ensure that you have completed the prerequisites in Section 3.3.1, “Prerequisites,” on page 77. 
2 Launch the Windows application for which you want to create an application definition. 


Novell SecureLogin detects the application and prompts you to enable the screen for single sign- 
on. 


e Do you want to single sign enable the screen? 
l +> Yes, I want to single sign using the default selections done by the wizard. 
+ Yes, I want to single sign enable the screen using the wizard. 
> Cancel, I do not want to single sign this screen at this time. 


> No, Never prompt me to single sign this screen. 


3 Select Yes, I want to single sign enable the screen using the wizard. The Application Definition 
Wizard page is displayed. 


4 Configure the following attributes to create an application definition. 
¢ “Identifying the Screens” on page 80 

+ “Specifying the Credential Source” on page 81 

¢ “Identifying the Fields” on page 82 

¢ “Specifying Reauthentication Rules” on page 84 

+ “Defining the Submit Options” on page 84 

+ “Defining the Matching Criteria” on page 85 


Identifying the Screens 


1 Use the Identify screen tab to identify the login screen. If the Application Definition Wizard 


identifies the login screen correctly, a check mark a displays next to Identify screen. Click Show 
me to verify if the screen is correctly identified. 


Choose the logon screen for this application 


Drag the Choose icon onto the logon screen. Choose 


This SecureLogin window will move behind all other 
windows while you select the target screen. 


Screen Title Google Talk {o Show me 


2 Ifthe screen is not correctly identified, drag the Choose & icon to the login screen to select it. 
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Specifying the Credential Source 


+ 


+ 


+ 


+ 


“Using a One-Time Password” on page 82 
“Using User’s Network Login Credentials” on page 82 
“Using Credentials from Another Single Sign-One Enabled Application” on page 82 


“Selecting Credentials Based on a Value Identified on the Screen” on page 82 


Use the Credential source tab to define the source of the credentials for the applications. 


Some applications use their own credential set to log in. However, some applications might 
reuse credentials from another source, such as the user's network password or a one-time 
password. 


e Which credentials should this application use? 


+ This application's own credential set 


> Other... 


Application re-uses credentials from another source such as network login credentials 
or a related application 


Select This application's own credential set to use the application's credential set to log in. If you 
select this option, Novell SecureLogin creates a discrete set of credentials to enable the 
application. The credential set has the name of the application. 


Select Other to define another source of credentials. If you select this option, select the source of 
credentials for the application. 


Where wil credentials for this application come from? 
|| This application requires other credential source 
A one-time password from a smartcard 
© The user's network login credentials 
D) Another SecureLogin enabled applicaton 
D SecureLogin selects credentials based on a value identified on this screen 


The options for the credential source are: 


“Using a One-Time Password” on page 82 
“Using User’s Network Login Credentials” on page 82 
“Using Credentials from Another Single Sign-One Enabled Application” on page 82 


“Selecting Credentials Based on a Value Identified on the Screen” on page 82 
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Using a One-Time Password 


1 Select A one-time password from a smart card to use a one-time password from a smart card. 


Using User’s Network Login Credentials 


1 Select The user's network logon credentials to use the user's directory credentials to log in. 


Using Credentials from Another Single Sign-One Enabled Application 
1 Select Another SecureLogin enabled application to use the credentials of another application enabled 
for single sign-on. 


Select the application from a list of available applications enabled for Novell SecureLogin. 


Selecting Credentials Based on a Value Identified on the Screen 
1 Select SecureLogin selects credentials based on a value identified on this screen to provide the 
credentials based on the presence of a particular value on the login screen. 
This option uses a text entry. Regular expressions are supported in the text entry. 
For example: 
Connecting to server (.*) 


where (.*) specifies the value that must be captured to define the credentials. 


Identifying the Fields 


Novell SecureLogin must identify the fields on the login screen before it can log in to the application. 
Typically, these are the username and password fields. You can also configure fields such as radio 
buttons or edit boxes on the login screen. Use the Identify fields menu to view the selected fields. 


Figure 3-6 Selecting or Reviewing the Login Fields 


Do you want to select or review logon fields for SecureLogin 
to handle? 


+ No. SecureLogin is not required to handle the fields on this screen. 


+% Yes. Let me select or review the logon fields. 
SecureLogin will need to know more information to do this. 


e “Not Allowing Novell SecureLogin to Handle the Fields” on page 82 
e “Reviewing the Fields” on page 83 
¢ “Reviewing Other Fields” on page 83 


Not Allowing Novell SecureLogin to Handle the Fields 
1 Select No. SecureLogin is not required to handle the fields on this screen if you do not want Novell 
SecureLogin to handle the login fields on the screen. 
Use this option to create a credential set, which can be used with other application screens. 


Similarly, you can use the credential set to link to other application definitions and to identify 
the application screens. 
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Reviewing the Fields 


1 Select Yes. Let me select or review the logon fields to review the fields selected by the wizard . 


By default, Novell SecureLogin uses the field names as the prompts in the dialog boxes. You can 
edit the field names to make them clear and user-friendly. 


2 Ifthe login fields are not identified correctly, identify them manually by dragging the Choose 
icon to the button you want to the fields and clicking the Show me icon. 


The selected fields are highlighted. 


3 If Show me does not highlight the correct control, update it by dragging and dropping the Choose 
icon to the button you want. 


or 
Use the Navigate to field using the keystrokes option. 
3a Click Start. 
3b Specify the keystrokes. 
3c Select Close to return to the Identify fields menu. 
3d Select Stop to stop the recording. 
The next time you log in to the application, the keystrokes are used to log in. 


4 Select Treat text field as a sensitive field to treat the username field like a password field and 
disguise the characters with asterisks. This is optional for the username but mandatory for the 
password. 


5 (Optional) Specify the text that Novell SecureLogin presents when prompting the user for 
username and password. 


Type the text that SecureLogin presents when prompting for username and password. 


Prompt 
Please edit your login variables. 


Reviewing Other Fields 
1 Click All fields to show other fields detected by the wizard on the login screen. Each control is 
listed by type and name (if known). 


Select the field you want Novell SecureLogin to use in managing the login for the application, 
then specify the actions for Novell SecureLogin. 


Depending on the application, any or all of the following fields are displayed. 
¢ Edit box 
+ Check Box 
+ Combo Box 
¢ Radio Button 


For information on configuring Novell SecureLogin to use theseadditional fields, refer “All 
Fields” on page 17. 
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Specifying Reauthentication Rules 


1 Use the Re-authentication menu to specify if users must reauthenticate with their network 
credentials or an authentication device. 


2 If you select No. The user is not required to re-authenticate, Novell SecureLogin does not prompt 
users to reauthenticate users before providing the credentials to the application. 


3 Ifyou select Yes. Enforce re-authentication before accessing this application, users must specify the 
credentials in order to reauthenticate. 


4 From the Select from the methods detected drop-down list, select the method Novell SecureLogin 
must use. 


You can select from: 
+ Use same credentials as network login: Use the network login credentials. 
¢ Password: The network password. 


+ Smart card: After the PIN is verified, Novell SecureLogin checks to see if the smart card 
belongs to the user or not. 


5 You must also specify the action Novell SecureLogin takes when the users cancels the 
reauthentication. You can define one of the following actions: 


¢ Click this button: Select a button on the application that Novell SecureLogin clicks when a 
user cancels the reauthentication dialog box. Select the button by dragging the Choose & 
icon to the button you want and clicking Show me. 


+ Type the Following Keystorkes: Define the commands or keystrokes Novell SecureLogin 
enters when a user clicks Cancel in the reauthentication dialog box. To record keystrokes: 


1. Click Start. 
2. Specify the keystrokes. 
3. After you have recorded the keystrokes, click Close. 


+ Re-direct the user to this website: Specify a URL to go to when a user cancels the 
promptfor credentials. You can redirect users to the login screen and force them to specify 
the login credentials again. 


Defining the Submit Options 


1 Use the Submit options menu to define how Novell SecureLogin submits the login screen. 


2 If you select The user submits the screen, Novell SecureLogin does nothing and the user must 
manually submit the login screen. 


e How is the logon notification screen submitted? 


> The user submits the screen 


> SecureLogin submits the screen 
Actions to be taken to complete the notification 


3 Ifyou select SecureLogin submits the screen, specify the action Novell SecureLogin takes to submit 
the login screen. 
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You can specify one of the following actions: 


¢ Click this button: Select a button on the application that Novell SecureLogin clicks when 


user submits the screen. Highlight Select the button by dragging the Choose & icon to the 


button you want and clicking Show me. 


+ Type the following keystrokes: Define the commands or keystrokes Novell SecureLogin 
enters to submit the login notification screen. To record keystrokes: 


1. Click Start. 
2. Specify the keystrokes. 
3. After you have recorded the keystrokes, click Close. 


¢ Re-direct the user to this website: Specify a URL to go to when a user submits the login 
notification screen. 


4 You can also specify the action Novell SecureLogin uses when users cancel a prompt to save 
their credentials. For this, select Enable action when user cancels to change their password. 


You can specify one of the following actions: 


+ Click this button: Select a button on the application that Novell SecureLogin clicks when 


a 


a 


user submits the screen.Select the button by dragging the Choose & icon to the button you 


want and clicking Show me. 


+ Type the following keystrokes: Define the commands or keystrokes Novell SecureLogin 
enters to submit the login screen. To record keystrokes: 


1. Click Start. 
2. Specify the keystrokes. 
3. After you have recorded the keystrokes, click Close. 


+ Re-direct users to this website: Specify a URL to go to when users cancel the change 
password prompt. 


Defining the Matching Criteria 


Novell SecureLogin must uniquely identify each application screen in order to run an application 
definition. If Novell SecureLogin cannot uniquely identify a particular application screen, you can 
manually define the matching criteria. 


Use the Matching criteria menu to define the matching criteria. 


1 If you select No. Use minimal rules based on your previous selections, Novell SecureLogin uses the 
rules defined in previous attribute panels to identify and handle the password change. 


2 If you select Yes. Use additional Wizard generated rules, you can add, modify, or remove rules. 


Your matching criteria must include at least one rule. 
After you select this option, the following screen appears: 
3 By default, Use Wizard generated rules is selected. 
The Rules text box lists the controls that are detected by Novell SecureLogin. 
Add new rule by dragging the Choose & icon to a specific control. 


Click Show me to confirm that Novell SecureLogin has identified the correct control. 


Using the Application Definition Wizard 


85 


To modify a rule for a control: 
1 Select the rule you want to edit, then click Configure more detailed match for this control 


2 Define what Novell SecureLogin must match. You can set the following matching rule: 


+ SecureLogin is to match value displayed: If you select this option, Novell SecureLogin 
only matches those screens that exactly match the displayed text and rules identified. 


To verify the regular expression: 


1 Click Test Match to verify if your regular expression is correct. 


If aregular expression does not match any control on the application screen, Novell SecureLogin 
prompts you to verify your regular expression and select the correct control. 


To delete a rules: 
1 Select the rule, then click Remove 


You have successfully completed creating an application definition for a Web application. The next 
time you launch the application, Novell SecureLogin provides the credentials for you. 


3.4 Creating an Application Definition for a Java Application or 
an Oracle Form 


Novell SecureLogin 7.0 SP1 supports single sign-on feature for Web enabled Oracle form applications 
and Java* applications. 


A Java application is a Java program that runs independently. The Java Virtual Machine in the client 
or server interprets the instructions. 


For Oracle form applications SecureLogin uses the pre-installed Oracle* JInitiator or JRE in the 
machine. If any of these Java components is added after installing (or upgrading to) SecureLogin 7.0 
SP1, you need to enable SecureLogin to use the newly added Java component. To enable support to 
the new Java component, run the repair option of the SecureLogin installer. 


You can create an application definition for a Java application or an Oracle application by accepting 
the default selections in the wizard, or you can manually select the attributes you want. 


NOTE: Loading of Oracle components requires some time before an application definition for Oracle 
form is started. Therefore, the Wizard consumes some time when starting the application definition 
for Oracle form. 


¢ Section 3.4.1, “Prerequisites,” on page 86 
+ Section 3.4.2, “Using the Default Selections to Create an Application Definition,” on page 87 
¢ Section 3.4.3, “Manually Defining the Attributes for an Application Definition,” on page 88 


3.4.1 Prerequisites 


+ Inthe Java preferences, set the Add application prompts for Java applications preference to Yes. 
+ Inthe Java preferences, set the Allow single sign-on to Java applications preference to Yes. 


¢ Ensure that you have Sun* Java Runtime Engine (JRE*) version 1.3 or later or Oracle* JInitiator* 
version 1.3.1 or later. 
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+ Close all open Novell SecureLogin prompts. 


¢ Verify if you have permissions to create application definition. See Chapter 5, “Setting the 
Wizard Mode Preference,” on page 123. 


¢ Ensure that Novell SecureLogin is running on your workstation. 


3.4.2 Using the Default Selections to Create an Application Definition 


1 Ensure that you have completed the prerequisites in Section 3.4.1, “Prerequisites,” on page 86. 


2 Launch the Java application for which you want to create an application definition. 


Novell SecureLogin detects the application and prompts you to enable single sign-on. 


Do you want to single sign enable the screen? 


+% Yes, I want to single sign using the default selections done by the wizard. 
> Yes, I want to single sign enable the screen using the wizard. 
+% Cancel, I do not want to single sign this screen at this time. 


> No, Never prompt me to single sign this screen. 


3 Select Yes, I want to single sign using the default selections done by the wizard. 


The Enter your Credentials dialog box is displayed. 


"Enter your credentials 
f™ Novell i 
7 SecureLogin, N 


Please edit your login variables. 


SE Z | 
— 


4 Specify your credentials, then click OK. 


Novell SecureLogin saves your credentials in the directory. The next time you launch the 
application, Novell SecureLogin provides the credentials for you. 
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3.4.3 Manually Defining the Attributes for an Application Definition 


1 Ensure that you have completed the prerequisites in Section 3.4.1, “Prerequisites,” on page 86. 
2 Launch the Java application for which you want to create an application definition. 


Novell SecureLogin detects the application and prompts you to enable the screen for single sign- 
on. 


e Do you want to single sign enable the screen? 
l + Yes, I want to single sign using the default selections done by the wizard. 
+> Yes, I want to single sign enable the screen using the wizard. 
+% Cancel, I do not want to single sign this screen at this time. 


> No, Never prompt me to single sign this screen. 


3 Select Yes, I want to single sign enable the screen using the wizard. The Application Definition 
Wizard page is displayed. 


4 Configure the following attributes to create application definition. 
¢ “Identifying the Screens” on page 88 

+ “Specifying the Credential Source” on page 88 

¢ “Identifying the Fields” on page 90 

¢ “Specifying Reauthentication Rules” on page 91 

+ “Defining the Submit Options” on page 92 

¢ “Defining the Matching Criteria” on page 93 


Identifying the Screens 


1 Use the Identify screen tab to identify the login screen. If the Application Definition Wizard 


identifies the login screen correctly, a check mark KA displays next to Identify screen. 


NOTE: The Show me icon fails to highlight the fields identified by the wizard for all embedded 
Java applets from JRE 6u7 and later. It fails to highlight the corresponding target for all the 
attributes of the Application Definition Wizard, such as Identify fields, Re-authentication, Submit 
options, and Matching criteria. 


2 Drag the Choose & icon to the detect and select login screen. 


Specifying the Credential Source 


1 Use the Credential source tab to define the source of the credentials for the applications. 


Some applications use their own credential set to log in. However, some applications might 
reuse credentials from another source, such as the user's network password or a one-time 
password. 
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e Which credentials should this application use? 


+ This application's own credential set 


> Other... 


Application re-uses credentials from another source such as network login credentials 
or a related application 


2 Select This application's own credential set to use the application's credential set to log in. 


If you select this option, Novell SecureLogin creates a discrete set of credentials to enable the 
application. The credential set has the name of the application. 


3 Select Other to define another source of credentials. 


If you select this option, select the source of credentials for the application. 


Where wil credentials for this application come from? 
|| This application requires other credential source 
A one-time password from a smartcard 
D The user's network login credentials 
Another SecureLogin enabled applicaton 


SecureLogin selects credentials based on a value identified on this screen 


The options for the credential source are: 
+ “Using a One-Time Password” on page 89 
¢ “Using a User’s Network Login Credentials” on page 89 
e “Using Credentials from Another Single Sign-One Enabled Application” on page 89 
¢ “Selecting Credentials Based on a Value Identified on the Screen” on page 90 


Using a One-Time Password 


1 Select A one-time password from a smart card to use a one-time password from a smart card. 


Using a User’s Network Login Credentials 
1 Select The user’s network logon credentials to use the user's directory credentials to log in. 


Using Credentials from Another Single Sign-One Enabled Application 


1 Select Another SecureLogin enabled application to use the credentials of another application enabled 
for single sign-on. 


Select the application from a list of available applications enabled for Novell SecureLogin. 
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Selecting Credentials Based on a Value Identified on the Screen 
1 Select SecureLogin selects credentials based on a value identified on this screen to provide the 
credentials based on the presence of a particular value on the login screen. 
This option uses a text entry. Regular expressions are supported in the text entry. 
For example: 
Connecting to server (.*) 


where (.*) specifies the value that must be captured to define the credentials. 


Identifying the Fields 


Novell SecureLogin must identify the fields on the login screen before it can log in to the application. 
Typically, these are the username and password fields. You can also configure fields such as radio 
buttons or edit boxes on the login screen. 


Use the Identify fields menu to view the selected fields. 


Figure 3-7 Selecting or Reviewing the Login Fields 


, Do you want to select or review logon fields for SecureLogin 
‘to handle? 


> No. SecureLogin is not required to handle the fields on this screen. 


> Yes. Let me select or review the logon fields. 
SecureLogin will need to know more information to do this. 


+ “Not Allowing Novell SecureLogin to Handle the Fields” on page 90 
e “Reviewing the Fields” on page 90 
e “Reviewing Other Fields” on page 91 


Not Allowing Novell SecureLogin to Handle the Fields 
1 Select No. SecureLogin is not required to handle the fields on this screen if you do not want Novell 
SecureLogin to handle the login fields on the screen. 


You can use this option to create a credential set, which can be used with other application 
screens. 


Similarly, you can use the credential set to link to other application definitions and to identify 
the application screens. 


Reviewing the Fields 


1 Select Yes. Let me select or review the logon fields to review the fields selected by the wizard. 


By default, Novell SecureLogin uses the field names as the prompts in the dialog boxes. You can 
edit the field names to make it clear and user-friendly. 


2 Select Treat text field as a sensitive field to treat the username field like a password field and 
disguise the characters entered with asterixes. 


This is optional for the username but mandatory for the password. 
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NOTE: If the label text for a control is empty or incorrect, do the following: 
*Click Show me to verify if the correct control is selected. 


+If Show me does not highlight the correct control, update it by dragging and dropping the 
Choose icon or use the Navigate to field using the keystrokes option. 


3 Select Navigate to field using keystrokes if you are having difficulty identifying the correct fields 
using other methods. Novell SecureLogin prompts you to use Navigate to field using keystrokes if it 
cannot identify the fields on the login screen. 


To record keystrokes: 
3a Click Start. 
3b Specify the keystrokes. 
3c Select Close to return to the Identify fields menu. 
3d Select Stop to stop the recording. 
Next time you login to the application, keystrokes are used to log in. 


4 You can also specify the text that Novell SecureLogin presents when prompting the user for the 
username and password. 


Type the text that SecureLogin presents when prompting for username and password. 


Prompt 
Please edit your login variables. “ 


Reviewing Other Fields 


1 Click All fields to show other fields detected by the wizard on the login screen. 
Each control is listed by type and name (if known). 


Select the field you want Novell SecureLogin to use in managing the login for the application, 
then specify the actions for Novell SecureLogin. 


Depending on the application, any or all of the following fields are displayed. 
¢ Edit box 
+ Check Box 
+ Combo Box 
¢ Radio Button 


For information on configuring Novell SecureLogin to use these additional fields, refer “All 
Fields” on page 17. 


Specifying Reauthentication Rules 
1 Use the Re-authentication menu to specify how users must reauthenticate. Specify if they must 
reauthenticate with their network credentials or an authentication device. 


2 If you select No. The user is not required to re-authenticate, Novell SecureLogin does not prompt 
users to reauthenticate before providing the credentials to the application. 


3 If you select Yes. Enforce re-authentication before accessing this application, users must specify the 
credentials that Novell SecureLogin uses to reauthenticate the user’s identity. 
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4 From the Select from the methods detected drop-down list, select the method Novell SecureLogin 
must use. You can select from: 


+ Use same credentials as network login: Use the network login credentials. 
¢ Password: The network password. 


+ Smart card: After the PIN is verified, Novell SecureLogin checks to see if the smart card 
belongs to the user or not. 


5 You must also specify the action Novell SecureLogin takes when the users cancels the 
reauthentication. 


You can define one of the following actions: 


+ Click this button: Select a button on the application that Novell SecureLogin clicks when a 
user cancels the reauthentication dialog box. 


+ Type the following keystrokes: Define the commands or keystrokes Novell SecureLogin 
enters when a user clicks Cancel in the reauthentication dialog box. To record keystrokes: 


1. Click Start. 
2. Specify the keystrokes. 
3. After you have recorded the keystrokes, click Close. 


+ Re-direct the user to this website: Specify a URL to go to when a user cancels the prompt 
for credentials. You can redirect users to the login screen and force them to specify the login 
credentials again again. 


Defining the Submit Options 


1 Use the Submit options menu how Novell SecureLogin submits the login screen. 


2 If you select The user submits the screen, Novell SecureLogin does nothing and the user must 
manually submit the login screen. 


e How is the logon notification screen submitted? 


> The user submits the screen 


> SecureLogin submits the screen 
Actions to be taken to complete the notification 


If you select SecureLogin submits the screen, specify the action Novell SecureLogin takes to submit 
the login screen. 


You can specify one of the following actions: 


¢ Click this button: Select a button on the application that Novell SecureLogin clicks when a 
user submits the screen. 


+ Type the following keystrokes: Define the commands or keystrokes Novell SecureLogin 
enters to submit the login notification screen. To record keystrokes: 


1. Click Start. 
2. Specify the keystrokes. 
3. After you have recorded the keystrokes, click Close. 


+ Re-direct the user to this website: Specify a URL to go to when a user submits the login 
notification screen. 
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3 You can also specify the action Novell SecureLogin uses when users cancel a prompt to save 
their credentials.. For this, select Enable action when user cancels to change their password. You can 
specify one of the following actions: 


¢ Click this button: Select a button on the application that Novell SecureLogin clicks when a 
user submits the screen. 


¢ Type the following keystrokes: Define the commands or keystrokes Novell SecureLogin 
enters to submit the login screen. To record keystrokes: 


1. Click Start. 
2. Specify the keystrokes. 
3. After you have recorded the keystrokes, click Close. 


+ Re-direct users to this website: Specify a URL to go to when users cancel the change 
password prompt. 


Defining the Matching Criteria 


Novell SecureLogin must uniquely identify each application screen in order to run an application 
definition. If Novell SecureLogin cannot uniquely identify a particular application screen, you can 
manually define the matching criteria. Use the Matching criteria menu to define the matching criteria. 


1 If you select No. Use minimal rules based on your previous selections, Novell SecureLogin uses the 
rules defined in previous attribute panels to identify and handle the password change. 


2 Ifyou select Yes. Use additional Wizard generated rules, you can add, modify, or remove rules. Your 
matching criteria must include at least one rule. : 


3 By default, Use Wizard generated rules is selected. The Rules text box lists the controls that are 
detected by Novell SecureLogin. 


To modify a rule for a control: 


1 Select the rule you want to edit, then click Configure more detailed match for this control 
2 Define what Novell SecureLogin must match. You can set the following matching rule: 


+ SecureLogin is to match value displayed: If you select this option, Novell SecureLogin 
only matches those screens that exactly match the displayed text and rules identified. 


To verify regular expression: 


1 Click Test Match to verify if your regular expression is correct. 


If a regular expression does not match any control on the application screen, Novell SecureLogin 
prompts you to verify your regular expression and select the correct control. 


To delete a rule: 
1 To delete a rule, select the rule, then click Remove. 


You have successfully completed creating an application definition for a Web application. The next 
time you launch the application, Novell SecureLogin provides the credentials for you. 


3.5 Using a Predefined Application Definition 


Novell SecureLogin provides a set of predefined application definitions. Use the predefined 
application definitions to enable applications for single sign-on. 
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NOTE: Novell SecureLogin does not provide predefined application definitions for Java 
applications. 


+ Section 3.5.1, “Using a Predefined Application Definition to Enable a Web Application for Single 
Sign-On,” on page 94 

¢ Section 3.5.2, “Using a Predefined Application Definition to Enable Windows Application for 
Single Sign-On,” on page 96 


3.5.1 Using a Predefined Application Definition to Enable a Web Application 
for Single Sign-On 


1 Launch a Web application. 


If a predefined application definition exists for that application, Novell SecureLogin 
automatically detects the application definition. 


The Novell SecureLogin dialog box is displayed. 
2 Select I want to single sign the screen using the predefined application definition. 


Novell SecureLogin identifies the application and displays the name of the application in the 
prompt. 


3 You are prompted to specify the credentials for the application. Specify the username, password, 
and any other information required. 


4 Click OK. 
Novell SecureLogin saves your credentials and uses them to log in to the application. 


The next time you launch the application, Novell SecureLogin provides the username and 
password for you. . 


Example: Using a Predefined Application Definition to Enable Single Sign-On for 
Novell WebAccess 


The following example demonstrates enabling single sign-on for a Novell WebAccess. Novell 
SecureLogin provides a predefined application for Novell WebAccess. 


This procedure assumes that you already have a GroupWise® account. 


1 Launch Novell WebAccess. 


A predefined application definition exists for Novell WebAccess. Novell SecureLogin detects the 
application and the Novell SecureLogin dialog box is displayed. 
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SecureLogin 
SecureLogin has detected a password field on this screen 


Window Title: Novell WebAccess Show me 


Application URL 9gmail.novell.com 


@ Do you want to single sign enable the screen? 


Yes, I want to use the predefined application definition. 
“ Novell GroupWise V7.0 Web Login 


+> Yes, I want to single sign enable the screen using the wizard. 
+ Cancel, I do not want to single sign this screen at this time. 


> No, Never prompt me to single sign this screen. 


2 Select I want to single sign the screen using the predefined application definition. Novell GroupWise 
Messenger V7.0 Web Login. 


The Enter your GroupWise information dialog box is displayed. 


3 Specify your username and password, then click OK. 


f™ Novell ’ 
7 SecureLogin. 


Please enter you Group Wise information. 


Usemame : 


Novell SecureLogin saves the credentials and uses them to log in to your GroupWise WebAccess 
account. 
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4 Test the application definition by logging out and logging in again. 


If the application is defined correctly with the correct credentials, you are logged in successfully. 
If your login is not successful, delete the application definition and repeat the above steps. You 
might also need to review the application definition for event responses and errors 


3.5.2 Using a Predefined Application Definition to Enable Windows 


96 


Application for Single Sign-On 


1 Launch a Windows application. 


If a predefined application definition exists for that application, Novell SecureLogin 
automatically detects the application definition. 

The Novell SecureLogin dialog box is displayed. 

Select I want to single sign the screen using the predefined application definition. 


Novell SecureLogin identifies the application and displays the name of the application in the 
prompt. 


You are prompted to specify the credentials for the application. Specify the username, password, 
and any other information required. 


Click OK. 
Novell SecureLogin saves your credentials and uses them to log in to the application. 


The next time you launch the application, Novell SecureLogin provides the username and 
password for you. . 


Example: Using a Predefined Application to Enable Single Sign-On for Novell 
GroupWise Messenger 


The following example demonstrates enabling single sign-on for Novell GroupWise Messenger. 
This procedure assumes that you already have a GroupWise Messenger account. 


1 Launch GroupWise Messenger. 


A predefined application definition exists for GroupWise Messenger. Novell SecureLogin 
detects the application and the Novell SecureLogin dialog box is displayed. 
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© SecureLogin has detected a password field on this screen 


Window Title: GroupWise Messenger Login g5) Show me 


Application EXE NMCL32.exe ] 


e Do you want to single sign enable the screen? 


I want to single sign the screen using the predefined application definition. 
” Novell GroupWise Messenger Version 2.0 


> I want to single sign enable the screen using the wizard. 
> I do not want to single sign this screen at this time. 


> Never prompt me to single sign this screen. 


Select I want to single sign the screen using the predefined application definition. Novell GroupWise 
Messenger Version 2.0. 


The Enter your GroupWise information dialog box is displayed. 
Specify your User ID, Password, IP Address, and Port details, then click OK. 


f™ Novell j 
7 SecureLogin 


Novell SecureLogin saves the credentials and uses them to log in to your GroupWise Messenger 
account. 
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4 Test the application definition by logging out and logging in again. 


If the application is defined correctly with the correct credentials, you are logged in successfully. 
If your login is not successful, delete the application definition and repeat the above steps. You 
might also need to review the application definition for event responses and errors. 


3.6 Testing Application Definitions 


You can test only the application definitions that were created by using the wizard. Application 
definitions created manually or with earlier versions of Novell SecureLogin cannot be tested in the 
current version. 


IMPORTANT: Before you begin to test the application definition, close the application and relaunch 
it. 


You can test an application definition after you have completed filling in the relevant attributes. 


1 Make sure you have specified all of the attributes you want for the application definition. 


Attributes that are included in the application definition are indicated by a green check mark 


2 After you have completed specifying the attributes, click Test. 


Only saved application definitions can be tested. 
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[=] New | x 
5 f Sign in to Yahoo! India 
B [E] Logon 
© Signin to Yahoo! India 
>) Logon Notification 
Change Password 
e acacia 
Other 


Additional identification rules 

For SecureLogin to successfully single sign the target window ,the 

matching criteria must be correct. Please test after criteria has been 

modified 

Drag the Choose icon onto the target screen to test matching Choose 
criteria 


[E] Use Wizard generated rules. 


The Testing Application Definition Console displays a log of the following items: 


+ The steps Novell SecureLogin takes to match the application you have started with the 
application definition. 


¢ The fields matched by the wizard . 
+ Ifthe credentials are successful, a message indicating that the login was successful. 


+ The actions performed on each of the fields. 
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x Testing Application Definition Console 


If the application you want to test is already running, please, dose it and restart it again to test the 
forms that have been defined. 


Conducting Match on login form Yahoo! Mail: The best web-based email! 
Matched Field ‘login’ 

Matched Field ‘passwd! 

Successfully matched login form Yahoo! Mail: The best web-based email! 
Performed entry action TextInput $username into control id#1:26 
Performed entry action TextInput Spassword into control id#1:27 
PressInput action performed 


3 Review the log to troubleshoot possible errors that occurred while creating the application 
definition. 


The following graphic indicates that the application cannot be launched because the New Logon 
Notification Form is incomplete. 


| @ SecureLogin sso e l a 


x Testing Application Definition Console 


If the application you want to test is already running, please, close it and restart it again to test the 
forms that have been defined. 


[Cannot run loginNotifierForm New Logon Notification Form it is not complete 
Conducting Match on login form Yahoo! Mail: The best web-based... 
Conducting Match on login form Yahoo! Mail: The best web-based... 

Cannot run loginNotifierForm New Logon Notification Form it is not complete 
Conducting Match on login form Yahoo! Mail: The best web-based... 
Conducting Match on login form Yahoo! Mail: The best web-based... 
Cannot run loginNotifierForm New Logon Notification Form it is not complete 
Conducting Match on login form Yahoo! Mail: The best web-based... 
Conducting Match on login form Yahoo! Mail: The best web-based... 


4 Select Clear to clear the log. 


5 Select Cancel to close the Testing Application Definition Console and return to the Application 
Definition Wizard. 
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3.7 Deploying Application Definitions 


An application definition created using the Application Definition Wizard is stored in the creator's 
object in the directory. You should create and test an application definition by using a test account 
before distributing it. 


For detailed information on deploying and distributing the configuration, refer “Distributing 
Configurations” in the Novell SecureLogin Administration Guide. 


3.8 Configuring Notifications 


You can use the Application Definition Wizard to configure notifications such as login notifications 
and change password notifications. 


è Section 3.8.1, “Creating an Application Definition for Login Notification,” on page 101 


+ Section 3.8.2, “Creating an Application Definition for Change Password,” on page 106 


è Section 3.8.3, “Creating an Application Definition for Change Password Notification,” on 
page 113 


3.8.1 Creating an Application Definition for Login Notification 


You can use the Logon Notification menu to create application definitions that inform the users about 
an event that occurred during login, such as a mismatch of the username and password or an 
incorrect password. You can configure the notification to display all or part of the credentials to the 
user. A login notification is also a message that the application presents after Novell SecureLogin 
submits the credentials. 


NOTE: A login notification cannot be created if a login form is not defined. 


For details on the tasks involved in creating a login notification, see Section 2.1.2, “Login 
Notification,” on page 26. 


e “Example: Creating a GroupWise Messenger Login Notification” on page 101 


¢ “Testing the Login Notification Application Definition” on page 105 


Example: Creating a GroupWise Messenger Login Notification 


In the following example, you create a login notification for the Google Talk. 


Prerequisites 
+ Create a login for GroupWise Messenger. That is, an application definition must be created for 
GroupWise Messenger. 
¢ This example assumes that you have previously specified an incorrect username or password or, 
both. 
1 Launch GroupWise Messenger. 


2 (Conditional) Because you have specified incorrect credentials when creating the application 
definition, Novell SecureLogin detects the incorrect credentials and prompts you to specify 
correct credentials. 
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The GroupWise Messenger dialog box is displayed. 


A Please enter a valid user ID and password. 


a 


3 Right-click the Novell SecureLogin icon on the notification area (system tray), then select Add 
Application. 


The Add an Application Definition dialog box is displayed. 


Go Add an application definition 


Drag the Choose icon onto the application's login window. Choose 


This SecureLogin window will move behind 
all other windows while you choose the target window. 


> Cancel, I do not want to create a new definition. 


4 In this example, you have specified incorrect user ID and password. To identify the fields, drag 
the Choose & icon to the GroupWise Messenger dialog box displaying the error message. 


You are prompted to edit the existing application definition, edit the application definition by 
adding a new form, or not edit the application definition. 
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© Add an application definition 
Drag the Choose icon onto the application's login window. 


This SecureLogin window will move behind 
all other windows while you choose the target window. 


Window Title: GroupWise Messenger (DB) show me 


Application EXE NMCL32.exe 


SecureLogin has an existing user-defined application definition for this application created using the wizard. 


e Do you want to use the existing application definition? 


+> Yes, I want to edit the existing application definition. 
> Yes, I want to edit the existing application definition adding this new form. 


> Cancel, I do not want to edit the existing application definition. 


5 Select Yes, I want to edit the existing application definition adding this new form. 


The Application Definition Wizard opens. The Identify Screen menu has a KA green check mark 
because the fields are identified correctly. 


NOTE: A form named GroupWise Messenger is created under Logon Notification. 


Using the Application Definition Wizard 103 


@new ~| X 
© A NMCL32.exe - GroupWise Messenger Lot 


Do you want to select and review which credentials are displayed 
to the user? 


> No, I want SecureLogin to display all credentials 


> Yes, I want to select the appropiate credentials 


@ a ean ie 2 enna Oe On ee ee ee a a 
has submitted credentials. An example is an emor message displaying incorect a = 
aera eee cee So a ton os een oe 


Do you want to select and review which credentials are displayed 
to the user? 


> No, I want SecureLogin to display all credentials 


> Yes, I want to select the appropiate credentials 


7 Select Yes, I want to select the appropriate credentials. 


8 Inthe Notification text box, specify the message that is presented to the user. 
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Select credentials and review prompt displayed to user 
Customize credentials and prompt which are displayed to the user. 


Type the text that SecureLogin presents when this notification occurs 
Notification 
Please enter a valid user ID and password. 2 


Which credentials should SecureLogin make available for user update? 
Credentials 


password 
username 


Enable action when user cancels to enter their credentials 


9 From the Credentials list, select the credential for which you want to create a notification. In this 
example, select Password. 


10 Navigate to the Submit options menu. 
11 Specify how the login notification screen is submitted. Select SecureLogin submits the screen. 
By default, the SecureLogin submits the logon notification screen is selected 


12 Select the Click this button option. In this example, the OK button is identified by the wizard to 
submit the login screen. 


13 Navigate to Matching criteria menu. 
14 Select No. Use minimal rules based on your previous selections. 
15 Click Apply to save your settings. 


16 Click OK to exit the Application Definition Wizard and return to the Novell SecureLogin Client 
Utility page. 


17 Click Apply and OK to exit. 


You have successfully created an application definition to handle a login notification. Next, test the 
application definition. 


Testing the Login Notification Application Definition 


1 Launch GroupWise Messenger. 


In Section 3.8.1, “Creating an Application Definition for Login Notification,” on page 101 you 
created an application definition to notify the wrong password. 


Because you specified a wrong password when enabling Google Talk for single sign-on, you are 
prompted to specify the credentials. The message is displayed on the Enter your Credentials 
dialog box is the message that you specified. 


2 Specify the correct password to log in successfully. 
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3.8.2 Creating an Application Definition for Change Password 


Application definitions can also include instructions for changing the password for an application. 
Novell SecureLogin can automatically generate new passwords for an application that match your 
organization’s password policy or it can allow users to select new password. You can also customize 
the change password prompts displayed to the users. 


¢ “Example: Creating a Gmail Change Password” on page 106 
¢ “Testing the Change Password” on page 112 


Example: Creating a Gmail Change Password 


Prerequisite 
+ Create a login for Gmail*. That is, an application definition must be created for Gmail. 


1 Launch Gmail. 


2 Navigate to the Change Password screen. 


Google accounts 


Change password 


To reset your password, provide your current password OR the answer to your security question. 


© Current password: 


OR 


© What is your library card number? | 


New password: : | Password strength: 


Confirm new password: | 


3 Right-click the Novell SecureLogin icon on the notification area (system tray), then select Add 
Application. 
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© Add an application definition 
Drag the Choose icon onto the application's login window. Choose 


This SecureLogin window will move behind 
all other windows while you choose the target window. 


> Cancel, I do not want to create a new definition. 


4 Drag the Choose & icon to the change password screen. 

5 Select Yes, I want to edit the existing application definition adding this new form. 
The Application Definition Wizard opens. The Identify Screen menu has a KA green check mark 
because the fields are identified correctly. 
By default, the Identify Fields menu is displayed. 


@ SecureLogin needs to identify the fields used on the change password screen for this 
application. The first fields on this pane are credential input fields. You might also want to 
configure more fields that exist on the change password screen. 


Fields identified in this window 


Old password field: Choose Show me 
[C] Navigate to field using keystrokes 


New password field: Choose Show me 
[C] Navigate to field using keystrokes 


Confirm new password: Choose Show me 
[C] Navigate to field using keystrokes 


6 From the Fields identified in this windows, click Show me to verify if the Old password, New 
password, and Confirm new password fields are identified correctly. 
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7 Navigate to Password generation menu. Specify how you want to generate a new password: 
whether the user specifies the password or allow Novell SecureLogin to generate a new 
password. 


0 SecureLogin can automatically generate the new password or you can allow the user to 
select it. Use this pane to tell SecureLogin how the new password is generated and 
managed. 


How will new password be managed? 


© SecureLogin generates and enters a random password 


@ The user chooses a new password 
SecureLogin will present a prompt asking for the new password. 
Please type the prompt message here 


Prompt: 
Specify a new password. 


8 Select The user chooses a new password. 


Specify how the new password is managed. By default, The user chooses a new password option is 
selected. 


9 Specify a prompt that is displayed to the user. 
10 Navigate to the Password policy menu. 


Specify whether you want to apply a password policy for the application. 
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@ SecureLogin can apply a password policy to new passwords. You can select an existing 
SecureLogin password policy or you can create a new password policy in this pane. 


? ) Do you want to apply a SecureLogin password policy? 


+ No. Do not configure a password policy for this application 


> Yes. Let me specify the password rules 
SecureLogin will need to know more information to do this 


11 Select Yes. Let me specify the password rules. 
12 Inthe Password policy field, sepcify a name for the password policy. 
13 From the password policy rules, specify the rules that apply to the new policy. 
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0 SecureLogin can apply a password policy to new passwords. You can select an existing 
SecureLogin password policy or you can create a new password policy in this pane. 


Password policy compliance 


The listbox displays all password policies detected for the current user. 
Select an existing password policy or type a name to create a new policy. 


[F] Specify the password rules 


Password policy: 
| New-Password-Policy 


Maximum length 

Minimum punctuation characters 
Maximum punctuation characters 
Minimum uppercase characters 


Bams imes me cee eee ne ob albe ae 


[C] Enforce password history 


14 Navigate to the Submit options menu. Specify how the change password screen is submitted. 


15 Select SecureLogin submits the password screen. 
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Ci} Use these options to tell SecureLogin how to submit the change password screen. The (a) 
submit action could be pressing a button. Altematively, SecureLogin may do nothing and = 
allow the user to submit the screen. 


How is the change password screen submitted? 
SecureLogin submits the password screen 

How should SecureLogin submit this screen? 

© Click this button: 


Button: Save Choose Show me 


© Type the following keystrokes: 
O Re-direct the user to this website: 


[C] Enable action when user cancels to change their password 


16 Navigate to the Matching criteria menu. Specify how Novell SecureLogin uniquely identifies 
each screen. 
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SecureLogin 


Application Screens My Account 


E] © Gmail: Email from Google 
= fe) Logon 
E Gmail: Email from Google 
Logon Notification 
rf Change Password 
[@ My Account 
Change Password Notification 
S Other 


@ SecureLogin must identify each screen uniquely.SecureLogin can identify most screens 
using the information already configured. If some screens are too similar, they maybe hard 
to distinguish and you may need to define advanced matching rules. 


?) Would you like to define advanced matching rules? 


> No. Use minimal rules based on your previous selections. 


+% Yes. Use additional Wizard generated rules. 
Useful if the screen is similar to another SecureLogin enabled 
screen or some controls on screen appear to be dynamically created. 


There are incomplete screen attributes that require more information 


17 Select No. Use minial rules based on your previous selections. 
18 Click Apply to save your settings. 
19 Click OK to exit the wizard. 
You have successfully completed creating an application definition for Gmail change password 


screen. 


Testing the Change Password 


The next time you launch Gmail and try to change the password, the application definition you 
created in Section 3.8.2, “Creating an Application Definition for Change Password,” on page 106. 


1 Launch Gmail. 
2 Navigate to the Change Password screen. The following dialog box appears. 
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3.8.3 


SecureLogin 


f™ Novell f 
7 SecureLogin, 


Enter New Password 
Specify a new password. 


New Password: | 


3 Specify the new password and confirm the new password. 


IMPORTANT: Ensure that the password policy you have set in Step 13 is adhered. 


4 Click OK. 


Creating an Application Definition for Change Password Notification 


A Change Password Notification is a message that the application displays after Novell SecureLogin 
submits the new password. This might be a confirmation or an error message. 


NOTE: You cannot create an application definition for change password notification if a change 
password form is not defined. 


This notification is important for Novell SecureLogin to know whether the password is changed 
successful because it needs to update the credentials for the application after they are updated. 


If an application definition is created for change password but not defined for change password 
notifications, Novell SecureLogin displays the following prompt: 


SecureLogin 


YD Has the password been successfully changed? 


This prompt appears before updating the credential set with the new password if it is changed 
successfully. 


In the following example, we will create an application definition for change password notification 
for Gmail application. In this example, we will consider a successful change password. 
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114 


Prerequisite 


+ An application definition is created for Gmail change password form. 


Assumption 


¢ The change password for Gmail is successful. 


1 Because you have not yet definied the change password notification, you are prompted whether 
the password is changed successfully. The following prompt appears: 


SecureLogin 


2 ) Has the password been successfully changed? 


2 Right-click the Novell SecureLogin icon on the notification area (system tray), then select Add 
Application. 


3 Drag the Choose & icon to the change password successful message screen. In this example the 
message is, Your new password has been saved - OK. 


The Add an Application Definition prompt is displayed. 


SecureLogin 


(= Add an application definition 


Drag the Choose icon onto the application's login window. Choose 


This SecureLogin window will move behind 
all other windows while you choose the target window. 


Window Title: My Account Show me 


SecureLogin has an existing user-defined application definition for this application created using the wizard. 


? ) Do you want to use the existing application definition? 


+ Yes, I want to edit the existing application definition. 
+> Yes, I want to edit the existing application definition adding this new form. 


+% Cancel, I do not want to edit the existing application definition. 


Novell SecureLogin Application Definition Wizard Administration Guide 


4 Select Yes, I want to edit the existing application definition. You are prompted to select the type of 


definition. 


5 Select Change Password Notification. 


SecureLogin 


Application Screens 


=) W Gmail: Email from Google 
B |g} Logon 
E Gmail: Email from Google 
Logon Notification 
=| S Change Password 
E My Account 


i Change Password Notification 
Other 


Gmail: Email from Google 


@ To modify the single sign-on settings for this application, navigate the tree in the 
Application windows pane on the left and select or expand a window type. Here you 
can create a new definition or delete existing definitions. Use the toolbar buttons or 
right-click a definition in the tree to see a menu of the available options. 


P} Which type of definition would you like to create? 


f=) Logon 

® Logon Notification 

[E] Change Password 

W Change Password Notification 


O Other 


6 Drag the Choose icon to the change password notification screen. 


7 (Conditional) To specify options that will be available for a user whose password change is 
successful, select the This window is a change password successful notification option. On a 
successful password change, the changed password is stored and the password notification can 


be dismissed. 


8 (Conditional) To specify options that will be available for a user whose password change fails, 
deselect the This window is a change password successful notification option. On a failed password 
change, the entered password is removed, the password notification is dismissed, and the 
password change process is restarted. 
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SecureLogin 


Application Screens New Change Password Notification Form 


[E] © Gmail: Email from Google 
a [E Logon @ A password notification is a message that the application may present after SecureLogin has 
o i: fr i submitted the new password. This might be a success or failure message. Use this pane to 

Gmail: Email from Google select the notification screen. 

Logon Notification 
E] Change Password 
E My Account . : : , 
Change Password Notification Choose the Change Password Notification screen for this application 


Drag the Choose icon onto the Change Password Notification screen. Choose 


This SecureLogin window will move behind all other 
windows while you select the target screen. 


Screen Title My Account Show me 


[E] This window is a change password successful notification 


There are incomplete screen attributes that require more information 


9 (Optional) Select SecureLogin submits the screen. 


e How is the logon notification screen submitted? 


> The user submits the screen 


> SecureLogin submits the screen 
Actions to be taken to complete the notification 


Continue with Step 11. 
10 (Optional) Select Nothing. Allow user to manage the response. 
11 Navigate to Matching criteria menu. Specify the rules to match. 
12 Seelct No. use minial rules based on your previous selections. 
13 Click Apply to save your application definition. 
14 Click OK to exit the wizard. 
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Modifying Application Definitions 


You can use the Application Definition Wizard introduced in Novell SecureLogin 7.0 to modify your 
application definitions. 


NOTE: Predefined application definitions cannot be edited by using the Application Definition 
Wizard. You must edit them manually. For more informataion about editing the application 
definitions manually, refer to the Novell SecureLogin Application Definition Guide. 


You can modify an application definition in one of the following ways: 


+ Section 4.1, “Using the Application Definition Wizard to Modify an Application Definition,” on 
page 117 
+ Section 4.2, “Using the Manage Logins Menu to Modify the Application Definition,” on page 119 


4.1 Using the Application Definition Wizard to Modify an 
Application Definition 


1 Double-click the Novell SecureLogin icon in the notification area. 


The Application Definition Wizard opens, displaying a list of applications enabled for single 
sign-on. 


P Novell SSO - [cn=writer,o=novell] 


Cc s 
P Novell SecureLogin 


SEmi] Applications Applications 

Lc) Web 

{A Windows g New ëg 
H My Logins iy 
E3 Preferences Application Type Id 

{=} Password Policies Citrix Program Neighborhood Agent Windows PNAGENT.EXE 

Meditech Windows vmagic.exe 
Microsoft SQL Windows isqlw.exe 
Microsoft Windows Live ID Web Wizard Script live.com 
Yahoo! Mail: The best web-based e... Generic Wizard login. yahoo.com 


2 From the Applications pane, select the application definition you want to modify. 


3 Click the Definition tab. 
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Sos) e (mr 


4 Select Edit Wizard. The attributes pane opens, enabling you to edit the application definition. 
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[=] New -|x 


(B © iexplore.exe - Yahoo! Mail: The best wet 
B E] Logon 
E Yahoo! Mail: The best web-base: 
E (@ Logon Notification 
[@ New Logon Notification Form 


Change Password 
3 oon Password Notification Choose the logon screen for this application 


Other 


@ SecureLogin needs to identify the logon screen for this application. You can choose or 
change the selection on this pane. 


Drag the Choose icon onto the logon screen. 


This SecureLogin window will move behind all other 
windows while you select the target screen. 


Screen Title Yahoo! Mail: The best web-based... 


5 Change the application definition. 


For more information on attributes that can be modified for an aplication definition, see 
Section 2.1, “The Application Screens Pane,” on page 10. 


6 Click Apply to save your changes. 
7 Click OK to exit. 


4.2 Using the Manage Logins Menu to Modify the Application 
Definition 


1 Right-click the Novell SecureLogin icon in the notification area, then click Manage Logins. 
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Add Application 
Manage Logins 


New Login 
Advanced > 


vV Active 
About 


Log Off User 


Close 


2 The administrative management utility displays a list of applications that are already enabled 
for single sign-on. 


P Novell SSO - [cn=writer,o=novell] 


Eimi] Applications Applications 
Lg Web 
a fa Windows New Delete 
ae ee il 
Application Type Id 
Citrix Program Neighborhood Agent Windows PNAGENT.EXE 
Meditech Windows vmagic.exe 
Microsoft SQL Windows isqlw.exe 
Microsoft Windows Live ID Web Wizard Script live.com 
Yahoo! Mail: The best web-based e... Generic Wizard login. yahoo.com 


3 From the Applications pane, select the application definition you want to modify. 
4 Click the Definition tab. 
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Application - "iexplore.exe - Yahoo! Mail: The best web-based..." 


LK} (cance) [apoy _ | 


5 Select Edit Wizard. The attributes pane opens, enabling you to edit the application definition. 
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Bnw ~| x 
S ®@ iexplore.exe - Yahoo! Mail: The best wet : ; : 
5 [E] Logon @ SecureLogin needs to identify the logon screen for this application. You can choose or 
© Yahoo! Mail: The best web-baset groote aed 

E & Logon Notification 
[@ New Logon Notification Form 

TA] Change Password 
Change Password Notification Choose the logon screen for this application 
Other 


Drag the Choose icon onto the logon screen. 


This SecureLogin window will move behind all other 
windows while you select the target screen. 


6 Make the changes. 


For more information on attributes that can be modified for an aplication definition, see 
Section 2.1, “The Application Screens Pane,” on page 10. 


7 Click Apply to save your changes. 
8 Click OK to exit. 


122 Novell SecureLogin Application Definition Wizard Administration Guide 


Setting the Wizard Mode Preference 


Access to the Application Definition Wizard is controlled by the Novell SecureLogin Wizard Mode 
preference, which is available in the administrative management utilities. You can enable or disable 
access to the Application Definition Wizard for users. 

1 Launch the administrative management utilities (iManager, SLManager, or MMC snap-ins). 


2 Navigate to Preferences > General > Wizard mode. 


Enforce passphrase use 


Enter API license key(s) 


Password protect the system tray icon 


Provide API Access 


Stop walking here 


Wizard mode 


User 
Disabled 
Default 


The Wizard Mode has three settings: 


¢ Administrator: The Administrator option controls users access to the Application Definition 
Wizard. 


If the Wizard mode is set to Administrator, users can create and edit application definitions 
by using the Wizard. 


This is the default setting. 


+ User: The User preference controls a user’s ability to create login credential sets for new 
applications by using the auto-detection setting. 


If the preference is set to User: 


¢ The I want to single sign enable using the wizard option is not available when an 
application is detected for single sign-on. 


¢ The Edit Wizard button is disabled in the Novell SecureLogin Client Utility. 


¢ The Add Application option is not available from the Novell SecureLogin icon in the 
notification area. 


¢ Disabled: This preference controls launching the Application Definition Wizard when an 
application is detected for single sign-on. 


If the Wizard mode preference is set to Disabled: 


¢ All automatic prompts to enable an application for single sign-on are disabled. The 
user is not prompted to enable any application for single sign-on. 
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¢ The Edit Wizard button is disabled in the Novell SecureLogin Client Utility. 


+ The Add Application option is not available from the Novell SecureLogin icon in the 
notification area. 


NOTE: The Allow user to modify application definitions preference overrules the Wizard 
mode preference. If users are not allowed to modify application definitions, the Wizard 
preference has no effect. 


* Default: The Default setting is the same as Administrator setting. 
3 Select the options you want to set. 


4 Click Apply and OK to save and exit. 
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Deploying Application Definitions 


If you use the Application Definition Wizard to create an application definition, the definition is 
stored in your user object in the directory. 


Restrict the access to the Application Definition Wizard to administrators only. Create and test 
application definitions on a test account deploying them in the organization. For details on 
distributing the application definition configurations, see “Distributing Configurations” in the Novell 
SecureLogin Administration Guide. 


For information on manually creating and editing an application definition, see the Novell 
SecureLogin Application Definition Guide. 


Deploying Application Definitions 125 


126 Novell SecureLogin Application Definition Wizard Administration Guide 


Compatibility with Earlier Versions 


The Application Definition Wizard is designed for SecureLogin version 7.0 and later. You cannot use 
the Application Definition Wizard to edit application definitions created or edited manually by using 
previous versions. You can only manually edit the application definitions created in the earlier 
versions. 


However, you can export the application definition created in previous versions for manual editing. 
For details on exporting the application definition configurations, see “Distributing Configurations” 
in the Novell SecureLogin Administration Guide. 


To edit the old application, 


1 Double-click the Novell SecureLogin icon on the notification area (system tray). 
2 From the Applications list, select the application definition you want to edit. 
3 Click the Definition tab, then click Convert to Application Definition. 


The application definition pane opens in the Definition tab. 


4 Manually add the application definition and export to the earlier version. 


IMPORTANT: If you want to edit a particular application definition using the Wizard, delete the 
earlier application definition from the directory before editing the chosen application definition. 
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8.1 


8.1.1 


8.1.2 


Limitations, Tips, and Troubleshooting 


Some applications cannot be enabled for single sign-on using the Application Definition Wizard. This 
section provides information of the support for such applications. 

¢ Section 8.1, “Limitations,” on page 129 

¢ Section 8.2, “Tips,” on page 130 

è Section 8.3, “Troubleshooting,” on page 133 


Limitations 


¢ Section 8.1.1, “Support for INET Framework,” on page 129 

+ Section 8.1.2, “Support for Non-Natively Supported UI Framework,” on page 129 
+ Section 8.1.3, “Defining Password Notification,” on page 130 

è Section 8.1.4, “Specifying Reauthentication Rules,” on page 130 

¢ Section 8.1.5, “Incorrect Login Notifications in Mozilla Firefox,” on page 130 


¢ Section 8.1.6, “Single Sign-On For Microsoft Windows Vista Remote Desktop Client,” on 
page 130 


Support for .NET Framework 


Novell SecureLogin 7.0 SP1 supports .NET Framework 3.5 SP1. However, the .NET Framework 
should already exist for SecureLogin to use it. So, ensure that the framework is available in your 
system before installing Novell SecureLogin 7.0 SP1 or upgrading to Novell SecureLogin 7.0 SP1. 


Support for Non-Natively Supported UI Framework 


You cannot enable single sign-on for applications that are built in on non-natively supported UI 
framework such as Microsoft .NET framework, Gecko, and QT. 


For example, applications such as Mozilla Thunderbird 2.0.0.18, Novell iFolder cannot be enabled for 
single sign-on using the Wizard. The Wizard fails to detect the control to enable these applications. 
You can however, enable single sign-on for such applications without using the Wizard. 


For some applications, such as Mozilla Thunderbird, though you can use the keystrokes, SecureLogin 
identifies the login fields wrongly. It identifies both the username and password fields only when the 
password dialog box appears. 


To resolve this problem, deselect the Navigate to field using keystroke option for the username and 
proceed to enable single sign-on. 


The buttons in Windows applications that contain QT controls are displayed as Edit fields. 
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This incorrect identification is because all QT controls are part of an unsupported Windows class 
framework, QWidget. As buttons are also QWidgets, they are identified and displayed as Edit fields. 


8.1.3 Defining Password Notification 


You cannot use the Application Definition Wizard password notification if the application displaying 
the password notification, such as invalid credentials is different from the application displaying the 
credentials. 


For example, application definition for Novell iPrint Client fails because the Windows Wizard does 
not detect failed authentication. 


This is a limitation in the design of the Wizard. The application prompting for credentials is different 
from the application displaying the authentication failure. The Wizard does not support this and it is 
handled by the SetPlat script. For information on the “SetPlat “script, refer to the Novell SecureLogin 
Application Definition Guide. 


NOTE: The limitation applies to all applications where the notification dialog box is different from 
the application used by the Wizard. 


8.1.4 Specifying Reauthentication Rules 


If you have deployed Novell SecureLogin in the Standalone mode, you cannot specify 
reauthentication rules. The reauthentication rule does not apply to Novell SecureLogin in the 
Standalone mode. The Application Definition Wizard does not recognize the mode of deployment. 


8.1.5 Incorrect Login Notifications in Mozilla Firefox 


The Application Definition Wizard cannot define login notifications such as incorrect password or 
incorrect login that are displayed through browser popups in Mozilla* Firefox*. The Application 
Definition Wizard considers the popup windows as URL and tries to add them to the already defined 
definition for that URL. 


8.1.6 Single Sign-On For Microsoft Windows Vista Remote Desktop Client 


Novell SecureLogin might not pass the correct domain name while performing a single sign-on 
operation for the Microsoft Windows Vista Remote Desktop client in either the Novell Client or 
LDAP mode. 


8.2 Tips 


¢ Section 8.2.1, “Detecting Multiple Controls,” on page 131 

+ Section 8.2.2, “Using Dynamic Controls,” on page 132 

+ Section 8.2.3, “Citrix Published Applications,” on page 132 
+ Section 8.2.4, “COM Applications,” on page 132 
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8.2.1 Detecting Multiple Controls 


When Novell SecureLogin detects a typical, simple login screen containing a username field, 
password field, and a submit button, it displays the following prompt: 


Figure 8-1 Prompt to Enable Simple Login Screens 


(= SecureLogin has detected a password field on this screen 


Window Title: Gmail: Email from Google Show me 


Application URL | www.google.com 


@ Do you want to single sign enable the screen? 
+ Yes, I want to single sign using the default selections done by the wizard. 
+ Yes, I want to single sign enable the screen using the wizard. 
> Cancel, I do not want to single sign this screen at this time. 


> No, Never prompt me to single sign this screen. 


A complex login screen might offer users a choice to log in to different network, check the status of a 
flight, and similar multi-actions. When a complex login screen is detected, the following prompt is 
displayed. 
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8.2.2 


8.2.3 


8.2.4 


Figure 8-2 Prompt for Complex Screens 


rn 


SecureLogin a) 


eS SecureLogin has detected a password field on this screen 


Window Title: Singapore Airlines Show me 


Application URL www.singaporeair.com 


© Do you want to single sign enable the screen? 
i + Yes, I want to single sign using the default selections done by the wizard. 
+> Yes, I want to single sign enable the screen using the wizard. (Recommended) 
> Cancel, I do not want to single sign this screen at this time. 


> No, Never prompt me to single sign this screen. 


Select I want to single sign-on enable the screen using the wizard. (Recommended) to review and if 
necessary edit the selection done by the Wizard. 


Alternatively, you can define the application using the default selection done by the Wizard and edit 
the definition, later. 


Using Dynamic Controls 


You can use the Windows Finder tool to identify whether your application uses dynamic controls. 
For information on using the Windows Finder tool, see “Finding Application Details with Window 
Finder” in the Novell SecureLogin Application Definition Guide. 


If an application uses dynamic controls, use the Navigate to field using keystrokes option to select and 
populate the fields. See Section 2.5, “Recording Keystrokes,” on page 62. 


Citrix Published Applications 


The Application Definition Wizard does not detect Citrix published applications. Run the 
applications on a workstation to manually create an application definition by using the Wizard. 


COM Applications 


The Application Definition Wizard cannot differentiate between a COM application (where Internet 
Explorer* is the top parent) prompt and a genuine Internet Explorer prompt. To create an application 
definition for COM applications, extend the default Internet Explorer script or create a new one 
based on the Internet Explorer model. 
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8.3 Troubleshooting 


+ Section 8.3.1, “Redirecting to Login Page,” on page 133 


+ Section 8.3.2, “Remote Desktop Connection,” on page 135 


8.3.1 Redirecting to Login Page 


Some Web applications such as Novell iFolder, Quickfinder, ZENworks Configuration Management, 
and ZENworks Linux Management display the login failure notifications on the same page as the 
login notifications. When a Login Notification page is detected for such applications, it prompts for 
correct credentials. However, because the user has already provided the credentials, SecureLogin 
does not re-enter the new password. 


To resubmit the new credentials, redirect users’ to main login page. 


In the following example, the user has specified incorrect credentials when logging in to Novell 
ZENworks Control Center. The user must be redirected to the main login page to specify correct 
credentials. 


To redirect the user: 


Limitations, Tips, and Troubleshooting 133 


Figure 8-3 Login Failure is Displayed on the Login Page 


Novelle ZENworkse Login 


| 
| Qro: Your username or password is incorrect, please check spelling and 


try again 
Management Zone: 
Username: 
password: 
Language: 
[Login] 
N 


© Copyright 1999-2009 Novell, Inc. All rights reserved. 


1 While creating the login notification, under Submit options, select Re-direct user to this website. 


2 Specify the URL for redirection. 


@new ~| x 
a Ø Signin 
o [&} Logon 
B Sign In 
E © Logon Notification = 
E New Logon Notification Form 0 Use these options to tell SecureLogin how to submit the logon notification screen. The 
[F] Change Password submit action could be pressing a button. Altematively, SecureLogin may do nothing and 
Change Pa: Notification allow the user to submit the screen. 


Other 


Actions to be taken to complete the notification 


How should SecureLogin submit this screen? 
© Click this button: 

© Type the following keystrokes: 

@ Re-direct the user to this website: 


Type the URL: 
http:/192. 168. 1.255/zenworks/isp/Login.jsp 


The next time incorrect credentials are submitted, the following events occure. 


1. The Login Notification is detected. 
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2. User is prompted for credentials. 
3. User specifies correct credentials. 
4. SecureLogin redirects to the login page. 


5. SecureLogin submits the credentials and logs in the user successfully. 


8.3.2 Remote Desktop Connection 


When a Windows application is detected, SecureLogin scans the application to detect if there is a 
valid script or if it must be enabled for single sign-on. 


Similarly, in a remote desktop connection when applications are inactive, Novell SecureLogin scans 
for Windows applications and prompts you to enable them for single sign-on. 


This is an expected behavior. 


If you want to enable a remote desktop client, use a prebuilt script. By default, on Microsoft Windows 
Vista, the prebuilt passes the system credentials, that is, the network credentials are sent to connect to 
the RDP session. If you want to change the behavior, do one of the following: 


+ Set $PassSysVariableOnly to No. You are prompted to enter your system or other credentials. 


+ Set $PromptForCredentialChangeOnEachLogin to Yes. You are prompted to select a credential 
set each time you log in. 


NOTE: The remote desktop client application has two different GUIs on Microsoft Windows XP and 
Microsoft Windows Vista*. This makes it complex if the application definition must run on both 
platforms. Particularly on Microsoft Windows Vista, the Wizard defines this application using the 
Navigate to field using keystrokes option. 
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